mirror of
https://github.com/sqlmapproject/sqlmap.git
added support for headers
parent
65187decac
commit
1141f21dee
|
@ -34,7 +34,7 @@ class Operation:
|
|||
|
||||
# header injection is not currently supported
|
||||
def injectable(self, body):
|
||||
return len(self.parametersForTypes(["query", "path"])) > 0 or body
|
||||
return len(self.parametersForTypes(["query", "path", "header"])) > 0 or body
|
||||
|
||||
def queryString(self):
|
||||
queryParameters = self.parametersForTypes(["query"])
|
||||
|
@ -59,6 +59,17 @@ class Operation:
|
|||
parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"])
|
||||
return parameterPath
|
||||
|
||||
def headers(self):
|
||||
hdrs = []
|
||||
headerParameters = self.parametersForTypes(["header"])
|
||||
if len(headerParameters) < 1:
|
||||
return hdrs
|
||||
for hp in headerParameters:
|
||||
if "example" not in hp:
|
||||
raise SqlmapSkipTargetException("missing example for header '%s'" %hp["name"])
|
||||
hdrs.append((hp["name"], "%s*" %hp["example"]))
|
||||
return hdrs
|
||||
|
||||
def _ref(swagger, refPath):
|
||||
paths = refPath.replace("#/", "", 1).split('/')
|
||||
r = swagger
|
||||
|
@ -133,6 +144,7 @@ def parse(content, tags):
|
|||
cookie = None
|
||||
|
||||
parameterPath = op.path(path)
|
||||
headers = op.headers()
|
||||
qs = op.queryString()
|
||||
url = "%s%s" % (server, parameterPath)
|
||||
if body:
|
||||
|
@ -142,7 +154,7 @@ def parse(content, tags):
|
|||
url += "?" + qs
|
||||
|
||||
logger.debug("including url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
|
||||
yield (url, method, data, cookie, None)
|
||||
yield (url, method, data, cookie, tuple(headers))
|
||||
else:
|
||||
logger.info("excluding path '%s', method '%s' as there are no parameters to inject" %(path, method))
|
||||
|
||||
|
|
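Review bot: The new `headers()` method copies `hp["name"]` and `hp["example"]` from the spec document straight into the request header list, with no check that the example is a scalar or free of line breaks. A spec obtained from an untrusted source could therefore put a CR/LF sequence or a list/dict repr into the scanner's own requests. A guard before the `hdrs.append(...)` line, such as `if not isinstance(hp["example"], (str, int, float)) or any(c in str(hp["example"]) for c in "\r\n"): raise SqlmapSkipTargetException("invalid example for header '%s'" % hp["name"])`, would skip such operations the same way a missing example is skipped. The method also has no docstring; one line stating that it returns a list of `(name, value)` tuples with the injection marker `*` appended to each example value would help. Whether `SqlmapSkipTargetException` is imported in this module, and whether the `headers = op.headers()` call in `parse` sits inside the handler that catches it, cannot be seen from these hunks and should be confirmed.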