sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adding support for generic XML POST data

Browse Source
This commit is contained in:
Miroslav Stampar 2012-10-04 18:44:12 +02:00
parent f71b937add
commit 098e446ca4
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/dicts.py
View File

@ -197,5 +197,6 @@ SQL_STATEMENTS = {
POST_HINT_CONTENT_TYPES = { POST_HINT_CONTENT_TYPES = {
POST_HINT.JSON: "application/json", POST_HINT.JSON: "application/json",
POST_HINT.SOAP: "application/soap+xml" POST_HINT.SOAP: "application/soap+xml",
POST_HINT.XML: "application/xml"
} }

1
lib/core/enums.py
View File

@ -68,6 +68,7 @@ class PLACE:
class POST_HINT: class POST_HINT:
SOAP = "SOAP" SOAP = "SOAP"
JSON = "JSON" JSON = "JSON"
XML = "XML (generic)"
class HTTPMETHOD: class HTTPMETHOD:
GET = "GET" GET = "GET"

4
lib/core/target.py
View File

@ -99,7 +99,7 @@ def __setRequestParams():
kb.postHint = POST_HINT.JSON kb.postHint = POST_HINT.JSON
elif re.search(SOAP_RECOGNITION_REGEX, conf.data): elif re.search(SOAP_RECOGNITION_REGEX, conf.data):
message = "SOAP like data found in POST data. " message = "SOAP/XML like data found in POST data. "
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
@ -107,7 +107,7 @@ def __setRequestParams():
elif test[0] not in ("n", "N"): elif test[0] not in ("n", "N"):
conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>*\g<5>", conf.data) conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>*\g<5>", conf.data)
kb.processUserMarks = True kb.processUserMarks = True
kb.postHint = POST_HINT.SOAP kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
else: else:
place = PLACE.POST place = PLACE.POST

4
lib/request/connect.py
View File

@ -583,8 +583,8 @@ class Connect:
logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload)) logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload))
if place == PLACE.CUSTOM_POST: if place == PLACE.CUSTOM_POST:
if kb.postHint == POST_HINT.SOAP: if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
# payloads in SOAP should have chars > and < replaced # payloads in SOAP/XML should have chars > and < replaced
# with their HTML encoded counterparts # with their HTML encoded counterparts
payload = payload.replace('>', "&gt;").replace('<', "&lt;") payload = payload.replace('>', "&gt;").replace('<', "&lt;")
elif kb.postHint == POST_HINT.JSON: elif kb.postHint == POST_HINT.JSON: