sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-28 09:00:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

it worksgit add .

Browse Source
This commit is contained in:
Marcel Gregoriadis 2018-12-10 01:16:22 +01:00
parent faedc45399
commit 1d001c0704
1 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
lib/request/connect.py
View File

@ -229,7 +229,6 @@ class Connect(object):
This method connects to the target URL or proxy and returns This method connects to the target URL or proxy and returns
the target URL page content the target URL page content
""" """
start = time.time() start = time.time()
if isinstance(conf.delay, (int, float)) and conf.delay > 0: if isinstance(conf.delay, (int, float)) and conf.delay > 0:
@ -772,6 +771,11 @@ class Connect(object):
if not multipart: if not multipart:
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
#if "Invalid csrf token." in page:
# print "INVALID CSRF TOKEN"
#else:
# print "Valid CSRF Token"
return page, responseHeaders, code return page, responseHeaders, code
@staticmethod @staticmethod
@ -782,7 +786,7 @@ class Connect(object):
and returns its page ratio (0 <= ratio <= 1) or a boolean value and returns its page ratio (0 <= ratio <= 1) or a boolean value
representing False/True match in case of !getRatioValue representing False/True match in case of !getRatioValue
""" """
#print "queryPage()"
if conf.direct: if conf.direct:
return direct(value, content) return direct(value, content)
@ -992,8 +996,8 @@ class Connect(object):
tmp = key tmp = key
break break
if tmp:
if tmp: conf.csrfToken = tmp conf.csrfToken = tmp
token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "") token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "")
@ -1016,16 +1020,21 @@ class Connect(object):
del conf.paramDict[PLACE.GET][key] del conf.paramDict[PLACE.GET][key]
break break
else:
token = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken),
page or "")
#print "###########################" getParams = dict(urlparse.parse_qsl(get))
#print "- Token: " + token for key, value in getParams.iteritems():
#print "- Token Name: " + conf.csrfToken if re.search(r"\b%s\b" % csrfTokenPattern, key):
#print "- Parameters: " + conf.parameters[PLACE.GET] getParams[conf.csrfToken] = token
#print "############################" if key != conf.csrfToken:
del getParams[key]
break
urllib.quote_plus = urllib.quote # A fix for urlencoder to give %20
get = urllib.urlencode(getParams)
else:
token = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken),
page or "")
if not token: if not token: