sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-28 20:43:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

added support for headers

Browse Source
This commit is contained in:
donnd-t 2021-11-02 16:54:38 +11:00
parent 65187decac
commit 1141f21dee
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/core/swagger.py
View File

@ -34,7 +34,7 @@ class Operation:
# header injection is not currently supported # header injection is not currently supported
def injectable(self, body): def injectable(self, body):
return len(self.parametersForTypes(["query", "path"])) > 0 or body return len(self.parametersForTypes(["query", "path", "header"])) > 0 or body
def queryString(self): def queryString(self):
queryParameters = self.parametersForTypes(["query"]) queryParameters = self.parametersForTypes(["query"])
@ -59,6 +59,17 @@ class Operation:
parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"]) parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"])
return parameterPath return parameterPath
def headers(self):
hdrs = []
headerParameters = self.parametersForTypes(["header"])
if len(headerParameters) < 1:
return hdrs
for hp in headerParameters:
if "example" not in hp:
raise SqlmapSkipTargetException("missing example for header '%s'" %hp["name"])
hdrs.append((hp["name"], "%s*" %hp["example"]))
return hdrs
def _ref(swagger, refPath): def _ref(swagger, refPath):
paths = refPath.replace("#/", "", 1).split('/') paths = refPath.replace("#/", "", 1).split('/')
r = swagger r = swagger
@ -133,6 +144,7 @@ def parse(content, tags):
cookie = None cookie = None
parameterPath = op.path(path) parameterPath = op.path(path)
headers = op.headers()
qs = op.queryString() qs = op.queryString()
url = "%s%s" % (server, parameterPath) url = "%s%s" % (server, parameterPath)
if body: if body:
@ -142,7 +154,7 @@ def parse(content, tags):
url += "?" + qs url += "?" + qs
logger.debug("including url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie)) logger.debug("including url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
yield (url, method, data, cookie, None) yield (url, method, data, cookie, tuple(headers))
else: else:
logger.info("excluding path '%s', method '%s' as there are no parameters to inject" %(path, method)) logger.info("excluding path '%s', method '%s' as there are no parameters to inject" %(path, method))