Update and patch for Issue #2

Miroslav Stampar 2014-11-17 11:50:05 +01:00
parent 733e06e31f
commit 05d5342f20
7 changed files with 15 additions and 7 deletions


@ -460,7 +460,7 @@ def start():
elif parameter == conf.csrfToken: elif parameter == conf.csrfToken:
testSqlInj = False testSqlInj = False
infoMsg = "skipping CSRF protection token parameter '%s'" % parameter infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
logger.info(infoMsg) logger.info(infoMsg)
# Ignore session-like parameters for --level < 4 # Ignore session-like parameters for --level < 4


@ -52,6 +52,8 @@ optDict = {
"safUrl": "string", "safUrl": "string",
"saFreq": "integer", "saFreq": "integer",
"skipUrlEncode": "boolean", "skipUrlEncode": "boolean",
"csrfToken": "string",
"csrfUrl": "string",
"forceSSL": "boolean", "forceSSL": "boolean",
"hpp": "boolean", "hpp": "boolean",
"evalCode": "string", "evalCode": "string",


@ -606,7 +606,7 @@ METASPLOIT_SESSION_TIMEOUT = 300
# Reference: http://www.cookiecentral.com/faq/#3.5 # Reference: http://www.cookiecentral.com/faq/#3.5
NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File." NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
# Infixes used for automatic recognition of parameters carrying CSRF protection tokens # Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf") CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
# Prefixes used in brute force search for web server document root # Prefixes used in brute force search for web server document root


@ -348,14 +348,14 @@ def _setRequestParams():
if conf.csrfToken: if conf.csrfToken:
if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}): if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}):
errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken
errMsg += "found in provided GET, POST, Cookie or header values" errMsg += "found in provided GET, POST, Cookie or header values"
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)
else: else:
for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE): for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
for parameter in conf.paramDict.get(place, {}): for parameter in conf.paramDict.get(place, {}):
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES): if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter) message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
message += "Do you want sqlmap to automatically update it in further requests? [y/N] " message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
test = readInput(message, default="N") test = readInput(message, default="N")
if test and test[0] in ("y", "Y"): if test and test[0] in ("y", "Y"):
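Review bot: The header lookup inside the `if conf.csrfToken:` guard lowercases the header names (`_[0].lower()`) but not `conf.csrfToken`, so a token name given with any uppercase letter (e.g. `X-CSRF-Token`) is never matched against headers and the "not found in provided GET, POST, Cookie or header values" exception fires even though the header is present. Lowercase both sides: `and not conf.csrfToken.lower() in set(_[0].lower() for _ in conf.httpHeaders)`. Whether the GET/POST/Cookie lookups should also be case-insensitive depends on how `conf.paramDict` keys are built, which is not visible in this hunk. `_setRequestParams` begins before and continues after this hunk.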


@ -191,10 +191,10 @@ def cmdLineParser():
help="Skip URL encoding of payload data") help="Skip URL encoding of payload data")
request.add_option("--csrf-token", dest="csrfToken", request.add_option("--csrf-token", dest="csrfToken",
help="Parameter used to hold CSRF protection token") help="Parameter used to hold anti-CSRF token")
request.add_option("--csrf-url", dest="csrfUrl", request.add_option("--csrf-url", dest="csrfUrl",
help="URL address to visit to extract CSRF protection token") help="URL address to visit to extract anti-CSRF token")
request.add_option("--force-ssl", dest="forceSSL", request.add_option("--force-ssl", dest="forceSSL",
action="store_true", action="store_true",


@ -787,7 +787,7 @@ class Connect(object):
break break
if not token: if not token:
errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url) errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
if not conf.csrfUrl: if not conf.csrfUrl:
errMsg += ". You can try to rerun by providing " errMsg += ". You can try to rerun by providing "
errMsg += "a valid value for option '--csrf-url'" errMsg += "a valid value for option '--csrf-url'"


@ -158,6 +158,12 @@ saFreq = 0
# Valid: True or False # Valid: True or False
skipUrlEncode = False skipUrlEncode = False
# Parameter used to hold anti-CSRF token
csrfToken =
# URL address to visit to extract anti-CSRF token
csrfUrl =
# Force usage of SSL/HTTPS # Force usage of SSL/HTTPS
# Valid: True or False # Valid: True or False
forceSSL = False forceSSL = False
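Review bot: The new `csrfUrl` entry does not say what happens when it is left empty, yet the connection code changed in this same commit falls back to the target URL (`conf.csrfUrl or conf.url`); a second comment line, `# When empty, the token is extracted from the target URL itself`, under `# URL address to visit to extract anti-CSRF token` would spare users a failed run. Similarly `# Parameter used to hold anti-CSRF token` leaves open whether the value is the token or its carrier; given the lookup in `_setRequestParams` (GET, POST, Cookie or header name), `# Name of the parameter (GET/POST/Cookie) or header that carries the anti-CSRF token` is the clearer wording. The matching `--csrf-token` / `--csrf-url` help strings in the option parser could carry the same clarification.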