Implementation for an Issue #394

2025-10-31 16:07:55 +03:00 · 2013-02-14 15:32:16 +01:00 · 2013-02-14 15:32:16 +01:00 · 06d8547916
commit 06d8547916
parent 7944684ff2
1 changed files with 17 additions and 3 deletions
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """

 import codecs
+import functools
 import os
 import re
 import tempfile
@ -86,6 +87,19 @@ def _setRequestParams():
    if conf.data is not None:
        conf.method = HTTPMETHOD.POST

+        def process(match, repl):
+            if conf.testParameter and match.group("name") not in conf.testParameter:
+                retVal = match.group(0)
+            else:
+                retVal = repl
+                while True:
+                    _ = re.search(r"\\g<([^>]+)>", retVal)
+                    if _:
+                        retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
+                    else:
+                        break
+            return retVal
+
        if re.search(JSON_RECOGNITION_REGEX, conf.data):
            message = "JSON like data found in POST data. "
            message += "Do you want to process it? [Y/n/q] "
@ -94,8 +108,8 @@ def _setRequestParams():
                raise SqlmapUserQuitException
            elif test[0] not in ("n", "N"):
                conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
-                conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
-                conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
+                conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
                kb.postHint = POST_HINT.JSON

        elif re.search(SOAP_RECOGNITION_REGEX, conf.data):
@ -106,7 +120,7 @@ def _setRequestParams():
                raise SqlmapUserQuitException
            elif test[0] not in ("n", "N"):
                conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
-                conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
+                conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
                kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML

        elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):