mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-02 20:54:13 +03:00
Fixes #1303
This commit is contained in:
Miroslav Stampar
parent
49212ec920
commit
00f190fc92
|
|
@ -430,6 +430,9 @@ def start():
|
|||
if skip:
|
||||
continue
|
||||
|
||||
if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
|
||||
continue
|
||||
|
||||
if place not in conf.paramDict:
|
||||
continue
|
||||
|
||||
|
|
|
|||
|
|
@ -1864,6 +1864,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.technique = None
|
||||
kb.tempDir = None
|
||||
kb.testMode = False
|
||||
kb.testOnlyCustom = False
|
||||
kb.testQueryCount = 0
|
||||
kb.testType = None
|
||||
kb.threadContinue = True
|
||||
|
|
|
|||
|
|
@ -80,7 +80,6 @@ def _setRequestParams():
|
|||
return
|
||||
|
||||
testableParameters = False
|
||||
skipHeaders = False
|
||||
|
||||
# Perform checks on GET parameters
|
||||
if conf.parameters.get(PLACE.GET):
|
||||
|
|
@ -125,16 +124,7 @@ def _setRequestParams():
|
|||
kb.processUserMarks = not test or test[0] not in ("n", "N")
|
||||
|
||||
if kb.processUserMarks:
|
||||
skipHeaders = True
|
||||
|
||||
conf.parameters.clear()
|
||||
conf.paramDict.clear()
|
||||
|
||||
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
|
||||
warnMsg = "it seems that you've provided empty parameter value(s) "
|
||||
warnMsg += "for testing. Please, always use only valid parameter values "
|
||||
warnMsg += "so sqlmap could be able to run properly"
|
||||
logger.warn(warnMsg)
|
||||
kb.testOnlyCustom = True
|
||||
|
||||
if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
|
||||
if re.search(JSON_RECOGNITION_REGEX, conf.data):
|
||||
|
|
@ -249,10 +239,7 @@ def _setRequestParams():
|
|||
kb.processUserMarks = not test or test[0] not in ("n", "N")
|
||||
|
||||
if kb.processUserMarks:
|
||||
skipHeaders = True
|
||||
|
||||
conf.parameters.clear()
|
||||
conf.paramDict.clear()
|
||||
kb.testOnlyCustom = True
|
||||
|
||||
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
|
||||
warnMsg = "it seems that you've provided empty parameter value(s) "
|
||||
|
|
@ -317,50 +304,49 @@ def _setRequestParams():
|
|||
if conf.get(item):
|
||||
conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
|
||||
|
||||
if not skipHeaders:
|
||||
# Perform checks on Cookie parameters
|
||||
if conf.cookie:
|
||||
conf.parameters[PLACE.COOKIE] = conf.cookie
|
||||
paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
|
||||
# Perform checks on Cookie parameters
|
||||
if conf.cookie:
|
||||
conf.parameters[PLACE.COOKIE] = conf.cookie
|
||||
paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
|
||||
|
||||
if paramDict:
|
||||
conf.paramDict[PLACE.COOKIE] = paramDict
|
||||
testableParameters = True
|
||||
if paramDict:
|
||||
conf.paramDict[PLACE.COOKIE] = paramDict
|
||||
testableParameters = True
|
||||
|
||||
# Perform checks on header values
|
||||
if conf.httpHeaders:
|
||||
for httpHeader, headerValue in conf.httpHeaders:
|
||||
# Url encoding of the header values should be avoided
|
||||
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
|
||||
# Perform checks on header values
|
||||
if conf.httpHeaders:
|
||||
for httpHeader, headerValue in conf.httpHeaders:
|
||||
# Url encoding of the header values should be avoided
|
||||
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
|
||||
|
||||
httpHeader = httpHeader.title()
|
||||
httpHeader = httpHeader.title()
|
||||
|
||||
if httpHeader == HTTP_HEADER.USER_AGENT:
|
||||
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
|
||||
if httpHeader == HTTP_HEADER.USER_AGENT:
|
||||
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
|
||||
|
||||
if condition:
|
||||
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
|
||||
testableParameters = True
|
||||
if condition:
|
||||
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
|
||||
testableParameters = True
|
||||
|
||||
elif httpHeader == HTTP_HEADER.REFERER:
|
||||
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
|
||||
elif httpHeader == HTTP_HEADER.REFERER:
|
||||
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
|
||||
|
||||
if condition:
|
||||
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
|
||||
testableParameters = True
|
||||
if condition:
|
||||
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
|
||||
testableParameters = True
|
||||
|
||||
elif httpHeader == HTTP_HEADER.HOST:
|
||||
conf.parameters[PLACE.HOST] = urldecode(headerValue)
|
||||
elif httpHeader == HTTP_HEADER.HOST:
|
||||
conf.parameters[PLACE.HOST] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
|
||||
|
||||
if condition:
|
||||
conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
|
||||
testableParameters = True
|
||||
if condition:
|
||||
conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
|
||||
testableParameters = True
|
||||
|
||||
if not conf.parameters:
|
||||
errMsg = "you did not provide any GET, POST and Cookie "
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user