mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Update and patch for an Issue #2
This commit is contained in:
parent
733e06e31f
commit
05d5342f20
|
@ -460,7 +460,7 @@ def start():
|
|||
elif parameter == conf.csrfToken:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping CSRF protection token parameter '%s'" % parameter
|
||||
infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
# Ignore session-like parameters for --level < 4
|
||||
|
|
|
@ -52,6 +52,8 @@ optDict = {
|
|||
"safUrl": "string",
|
||||
"saFreq": "integer",
|
||||
"skipUrlEncode": "boolean",
|
||||
"csrfToken": "string",
|
||||
"csrfUrl": "string",
|
||||
"forceSSL": "boolean",
|
||||
"hpp": "boolean",
|
||||
"evalCode": "string",
|
||||
|
|
|
@ -606,7 +606,7 @@ METASPLOIT_SESSION_TIMEOUT = 300
|
|||
# Reference: http://www.cookiecentral.com/faq/#3.5
|
||||
NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
|
||||
|
||||
# Infixes used for automatic recognition of parameters carrying CSRF protection tokens
|
||||
# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
|
||||
CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
|
||||
|
||||
# Prefixes used in brute force search for web server document root
|
||||
|
|
|
@ -348,14 +348,14 @@ def _setRequestParams():
|
|||
|
||||
if conf.csrfToken:
|
||||
if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}):
|
||||
errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
|
||||
errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken
|
||||
errMsg += "found in provided GET, POST, Cookie or header values"
|
||||
raise SqlmapGenericException(errMsg)
|
||||
else:
|
||||
for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
|
||||
for parameter in conf.paramDict.get(place, {}):
|
||||
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
|
||||
message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
|
||||
message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
|
||||
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
|
||||
test = readInput(message, default="N")
|
||||
if test and test[0] in ("y", "Y"):
|
||||
|
|
|
@ -191,10 +191,10 @@ def cmdLineParser():
|
|||
help="Skip URL encoding of payload data")
|
||||
|
||||
request.add_option("--csrf-token", dest="csrfToken",
|
||||
help="Parameter used to hold CSRF protection token")
|
||||
help="Parameter used to hold anti-CSRF token")
|
||||
|
||||
request.add_option("--csrf-url", dest="csrfUrl",
|
||||
help="URL address to visit to extract CSRF protection token")
|
||||
help="URL address to visit to extract anti-CSRF token")
|
||||
|
||||
request.add_option("--force-ssl", dest="forceSSL",
|
||||
action="store_true",
|
||||
|
|
|
@ -787,7 +787,7 @@ class Connect(object):
|
|||
break
|
||||
|
||||
if not token:
|
||||
errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
|
||||
errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
|
||||
if not conf.csrfUrl:
|
||||
errMsg += ". You can try to rerun by providing "
|
||||
errMsg += "a valid value for option '--csrf-url'"
|
||||
|
|
|
@ -158,6 +158,12 @@ saFreq = 0
|
|||
# Valid: True or False
|
||||
skipUrlEncode = False
|
||||
|
||||
# Parameter used to hold anti-CSRF token
|
||||
csrfToken =
|
||||
|
||||
# URL address to visit to extract anti-CSRF token
|
||||
csrfUrl =
|
||||
|
||||
# Force usage of SSL/HTTPS
|
||||
# Valid: True or False
|
||||
forceSSL = False
|
||||
|
|
Loading…
Reference in New Issue
Block a user