mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 08:14:24 +03:00
Implementation for an Issue #48
This commit is contained in:
Miroslav Stampar
parent
81848c723d
commit
03dd958d96
|
|
@ -129,6 +129,9 @@ def _formatInjection(inj):
|
||||||
title = sdata.title
|
title = sdata.title
|
||||||
vector = sdata.vector
|
vector = sdata.vector
|
||||||
comment = sdata.comment
|
comment = sdata.comment
|
||||||
|
payload = agent.adjustLateValues(sdata.payload)
|
||||||
|
if inj.place == PLACE.CUSTOM_HEADER:
|
||||||
|
payload = payload.split(',', 1)[1]
|
||||||
if stype == PAYLOAD.TECHNIQUE.UNION:
|
if stype == PAYLOAD.TECHNIQUE.UNION:
|
||||||
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
|
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
|
||||||
title = re.sub(r"\d+ to \d+", str(count), title)
|
title = re.sub(r"\d+ to \d+", str(count), title)
|
||||||
|
|
@ -139,7 +142,7 @@ def _formatInjection(inj):
|
||||||
vector = "%s%s" % (vector, comment)
|
vector = "%s%s" % (vector, comment)
|
||||||
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
|
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
|
||||||
data += " Title: %s\n" % title
|
data += " Title: %s\n" % title
|
||||||
data += " Payload: %s\n" % agent.adjustLateValues(sdata.payload)
|
data += " Payload: %s\n" % payload
|
||||||
data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
|
data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
|
@ -369,7 +372,7 @@ def start():
|
||||||
parameters = conf.parameters.keys()
|
parameters = conf.parameters.keys()
|
||||||
|
|
||||||
# Order of testing list (first to last)
|
# Order of testing list (first to last)
|
||||||
orderList = (PLACE.CUSTOM_POST, PLACE.URI, PLACE.POST, PLACE.GET)
|
orderList = (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI, PLACE.POST, PLACE.GET)
|
||||||
|
|
||||||
for place in orderList[::-1]:
|
for place in orderList[::-1]:
|
||||||
if place in parameters:
|
if place in parameters:
|
||||||
|
|
@ -377,7 +380,6 @@ def start():
|
||||||
parameters.insert(0, place)
|
parameters.insert(0, place)
|
||||||
|
|
||||||
proceed = True
|
proceed = True
|
||||||
|
|
||||||
for place in parameters:
|
for place in parameters:
|
||||||
# Test User-Agent and Referer headers only if
|
# Test User-Agent and Referer headers only if
|
||||||
# --level >= 3
|
# --level >= 3
|
||||||
|
|
@ -444,15 +446,15 @@ def start():
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
|
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
|
||||||
check = checkDynParam(place, parameter, value)
|
check = checkDynParam(place, parameter, value)
|
||||||
|
|
||||||
if not check:
|
if not check:
|
||||||
warnMsg = "%s parameter '%s' does not appear dynamic" % (place, parameter)
|
warnMsg = "%s parameter '%s' does not appear dynamic" % (place, parameter)
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.testedParams.add(paramKey)
|
kb.testedParams.add(paramKey)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -90,6 +90,10 @@ class Agent(object):
|
||||||
paramString = origValue
|
paramString = origValue
|
||||||
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
|
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
|
||||||
origValue = extractRegexResult(r"(?s)(?P<result>(\W+\Z|\w+\Z))", origValue)
|
origValue = extractRegexResult(r"(?s)(?P<result>(\W+\Z|\w+\Z))", origValue)
|
||||||
|
elif place == PLACE.CUSTOM_HEADER:
|
||||||
|
paramString = origValue
|
||||||
|
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
|
||||||
|
origValue = origValue[origValue.index(',') + 1:]
|
||||||
|
|
||||||
if value is None:
|
if value is None:
|
||||||
if where == PAYLOAD.WHERE.ORIGINAL:
|
if where == PAYLOAD.WHERE.ORIGINAL:
|
||||||
|
|
@ -115,7 +119,7 @@ class Agent(object):
|
||||||
|
|
||||||
newValue = self.cleanupPayload(newValue, origValue)
|
newValue = self.cleanupPayload(newValue, origValue)
|
||||||
|
|
||||||
if place in (PLACE.URI, PLACE.CUSTOM_POST):
|
if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
|
||||||
_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
|
_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
|
||||||
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
|
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
|
||||||
newValue = '"%s"' % newValue
|
newValue = '"%s"' % newValue
|
||||||
|
|
|
||||||
|
|
@ -64,6 +64,7 @@ class PLACE:
|
||||||
REFERER = "Referer"
|
REFERER = "Referer"
|
||||||
HOST = "Host"
|
HOST = "Host"
|
||||||
CUSTOM_POST = "(custom) POST"
|
CUSTOM_POST = "(custom) POST"
|
||||||
|
CUSTOM_HEADER = "(custom) HEADER"
|
||||||
|
|
||||||
class POST_HINT:
|
class POST_HINT:
|
||||||
SOAP = "SOAP"
|
SOAP = "SOAP"
|
||||||
|
|
|
||||||
|
|
@ -147,10 +147,10 @@ def _setRequestParams():
|
||||||
elif test[0] in ("q", "Q"):
|
elif test[0] in ("q", "Q"):
|
||||||
raise SqlmapUserQuitException
|
raise SqlmapUserQuitException
|
||||||
|
|
||||||
for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data)):
|
for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, re.sub(r"\bq=[^;']+", "", str(conf.httpHeaders)))):
|
||||||
if CUSTOM_INJECTION_MARK_CHAR in (value or ""):
|
if CUSTOM_INJECTION_MARK_CHAR in (value or ""):
|
||||||
if kb.processUserMarks is None:
|
if kb.processUserMarks is None:
|
||||||
_ = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data'}
|
_ = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer'}
|
||||||
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
|
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
|
||||||
message += "'%s'. Do you want to process it? [Y/n/q] " % _[place]
|
message += "'%s'. Do you want to process it? [Y/n/q] " % _[place]
|
||||||
test = readInput(message, default="Y")
|
test = readInput(message, default="Y")
|
||||||
|
|
@ -170,21 +170,28 @@ def _setRequestParams():
|
||||||
conf.url = conf.url.split('?')[0]
|
conf.url = conf.url.split('?')[0]
|
||||||
conf.paramDict[PLACE.GET] = paramDict
|
conf.paramDict[PLACE.GET] = paramDict
|
||||||
testableParameters = True
|
testableParameters = True
|
||||||
continue
|
else:
|
||||||
|
conf.parameters[place] = value
|
||||||
|
conf.paramDict[place] = OrderedDict()
|
||||||
|
|
||||||
conf.parameters[place] = value
|
if place == PLACE.CUSTOM_HEADER:
|
||||||
conf.paramDict[place] = OrderedDict()
|
for index in xrange(len(conf.httpHeaders)):
|
||||||
parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
|
header, value = conf.httpHeaders[index]
|
||||||
|
if CUSTOM_INJECTION_MARK_CHAR in re.sub(r"\bq=[^;']+", "", value):
|
||||||
|
conf.paramDict[place][header] = "%s,%s" % (header, value)
|
||||||
|
conf.httpHeaders[index] = (header, value.replace(CUSTOM_INJECTION_MARK_CHAR, ""))
|
||||||
|
else:
|
||||||
|
parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
|
||||||
|
|
||||||
for i in xrange(len(parts) - 1):
|
for i in xrange(len(parts) - 1):
|
||||||
conf.paramDict[place]["%s#%d%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
|
conf.paramDict[place]["%s#%d%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
|
||||||
|
|
||||||
if place == PLACE.URI and PLACE.GET in conf.paramDict:
|
if place == PLACE.URI and PLACE.GET in conf.paramDict:
|
||||||
del conf.paramDict[PLACE.GET]
|
del conf.paramDict[PLACE.GET]
|
||||||
elif place == PLACE.CUSTOM_POST and PLACE.POST in conf.paramDict:
|
elif place == PLACE.CUSTOM_POST and PLACE.POST in conf.paramDict:
|
||||||
del conf.paramDict[PLACE.POST]
|
del conf.paramDict[PLACE.POST]
|
||||||
|
|
||||||
testableParameters = True
|
testableParameters = True
|
||||||
|
|
||||||
if kb.processUserMarks:
|
if kb.processUserMarks:
|
||||||
conf.url = conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")
|
conf.url = conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")
|
||||||
|
|
|
||||||
|
|
@ -617,7 +617,6 @@ class Connect(object):
|
||||||
else:
|
else:
|
||||||
payload = json.dumps(payload)[1:-1]
|
payload = json.dumps(payload)[1:-1]
|
||||||
value = agent.replacePayload(value, payload)
|
value = agent.replacePayload(value, payload)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
if not skipUrlEncode and place in (PLACE.GET, PLACE.COOKIE, PLACE.URI):
|
if not skipUrlEncode and place in (PLACE.GET, PLACE.COOKIE, PLACE.URI):
|
||||||
# GET, URI and Cookie need to be throughly URL encoded (POST is encoded down below)
|
# GET, URI and Cookie need to be throughly URL encoded (POST is encoded down below)
|
||||||
|
|
@ -686,6 +685,11 @@ class Connect(object):
|
||||||
else:
|
else:
|
||||||
uri = conf.url
|
uri = conf.url
|
||||||
|
|
||||||
|
if place == PLACE.CUSTOM_HEADER:
|
||||||
|
if not auxHeaders:
|
||||||
|
auxHeaders = {}
|
||||||
|
auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
|
||||||
|
|
||||||
if conf.rParam:
|
if conf.rParam:
|
||||||
def _randomizeParameter(paramString, randomParameter):
|
def _randomizeParameter(paramString, randomParameter):
|
||||||
retVal = paramString
|
retVal = paramString
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user