From 1141f21dee24673286bed7dcb030a1b0e90a6f7c Mon Sep 17 00:00:00 2001
From: donnd-t
Date: Tue, 2 Nov 2021 16:54:38 +1100
Subject: [PATCH] added support for headers
---
 lib/core/swagger.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/core/swagger.py b/lib/core/swagger.py
index ec8013345..65ee87084 100644
--- a/lib/core/swagger.py
+++ b/lib/core/swagger.py
@@ -34,7 +34,7 @@ class Operation:
 # header injection is not currently supported
 def injectable(self, body):
- return len(self.parametersForTypes(["query", "path"])) > 0 or body
+ return len(self.parametersForTypes(["query", "path", "header"])) > 0 or body
 def queryString(self):
 queryParameters = self.parametersForTypes(["query"])
@@ -59,6 +59,17 @@ class Operation:
 parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"])
 return parameterPath
+ def headers(self):
+ hdrs = []
+ headerParameters = self.parametersForTypes(["header"])
+ if len(headerParameters) < 1:
+ return hdrs
+ for hp in headerParameters:
+ if "example" not in hp:
+ raise SqlmapSkipTargetException("missing example for header '%s'" %hp["name"])
+ hdrs.append((hp["name"], "%s*" %hp["example"]))
+ return hdrs
+
 def _ref(swagger, refPath):
 paths = refPath.replace("#/", "", 1).split('/')
 r = swagger
@@ -133,6 +144,7 @@ def parse(content, tags):
 cookie = None
 parameterPath = op.path(path)
+ headers = op.headers()
 qs = op.queryString()
 url = "%s%s" % (server, parameterPath)
 if body:
@@ -142,7 +154,7 @@ def parse(content, tags):
 url += "?" + qs
 logger.debug("including url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
- yield (url, method, data, cookie, None)
+ yield (url, method, data, cookie, tuple(headers))
 else:
 logger.info("excluding path '%s', method '%s' as there are no parameters to inject" %(path, method))
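Review bot: In the first hunk, the context comment `# header injection is not currently supported` above `injectable` now contradicts the new return line, which counts `header` parameters as injectable. It should be dropped or reworded, for example `# an operation is injectable when it has query, path or header parameters, or a body`. The `Operation` class starts and ends outside the hunk.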
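Review bot: The new `headers()` copies `hp["name"]` and `hp["example"]` from the parsed Swagger document into the header list without rejecting CR or LF, so a malformed or untrusted spec file could introduce extra header lines into the requests built from it, unless the HTTP layer further down refuses them (not visible in this patch). A check before the append, such as `if any(c in "\r\n" for c in "%s%s" % (hp["name"], hp["example"])): raise SqlmapSkipTargetException("invalid header '%s'" % hp["name"])`, would skip such targets the same way the missing-example case does. The `len(headerParameters) < 1` early return is redundant, since looping over an empty list already returns `hdrs` unchanged. A short docstring stating that the method returns `(name, value)` pairs with `*` appended to each example value, as `path()` does for path parameters, would help the next reader.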
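Review bot: The changed `yield` in the last hunk always passes a tuple, so an operation with no header parameters now yields `()` where the old code yielded `None`. If any consumer of these target tuples distinguishes `None` from an empty sequence (not visible in this patch), `yield (url, method, data, cookie, tuple(headers) or None)` keeps the previous value for that case. The `logger.debug` line just above still reports only url, method, data and cookie, so header targets never show up in debug output; extending the message with `headers '%s'` would make them visible. `parse` starts and ends outside the hunk.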