mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Implements #3916
This commit is contained in:
parent
617c336813
commit
30fba849e2
|
@ -2490,6 +2490,10 @@ def _basicOptionValidation():
|
||||||
errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
|
errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
|
if conf.csrfMethod and not conf.csrfToken:
|
||||||
|
errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
|
||||||
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.csrfToken and conf.threads > 1:
|
if conf.csrfToken and conf.threads > 1:
|
||||||
errMsg = "option '--csrf-url' is incompatible with option '--threads'"
|
errMsg = "option '--csrf-url' is incompatible with option '--threads'"
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
|
@ -61,6 +61,7 @@ optDict = {
|
||||||
"skipUrlEncode": "boolean",
|
"skipUrlEncode": "boolean",
|
||||||
"csrfToken": "string",
|
"csrfToken": "string",
|
||||||
"csrfUrl": "string",
|
"csrfUrl": "string",
|
||||||
|
"csrfMethod": "string",
|
||||||
"forceSSL": "boolean",
|
"forceSSL": "boolean",
|
||||||
"chunked": "boolean",
|
"chunked": "boolean",
|
||||||
"hpp": "boolean",
|
"hpp": "boolean",
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.9.7"
|
VERSION = "1.3.9.8"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -245,6 +245,9 @@ def cmdLineParser(argv=None):
|
||||||
request.add_argument("--csrf-url", dest="csrfUrl",
|
request.add_argument("--csrf-url", dest="csrfUrl",
|
||||||
help="URL address to visit for extraction of anti-CSRF token")
|
help="URL address to visit for extraction of anti-CSRF token")
|
||||||
|
|
||||||
|
request.add_argument("--csrf-method", dest="csrfMethod",
|
||||||
|
help="HTTP method to use during anti-CSRF token page visit")
|
||||||
|
|
||||||
request.add_argument("--force-ssl", dest="forceSSL", action="store_true",
|
request.add_argument("--force-ssl", dest="forceSSL", action="store_true",
|
||||||
help="Force usage of SSL/HTTPS")
|
help="Force usage of SSL/HTTPS")
|
||||||
|
|
||||||
|
|
|
@ -1039,7 +1039,7 @@ class Connect(object):
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
token = AttribDict()
|
token = AttribDict()
|
||||||
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
|
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
|
||||||
page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
|
page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
|
||||||
|
|
||||||
match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)
|
match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)
|
||||||
|
|
|
@ -180,16 +180,19 @@ safeReqFile =
|
||||||
# Default: 0
|
# Default: 0
|
||||||
safeFreq = 0
|
safeFreq = 0
|
||||||
|
|
||||||
# Skip URL encoding of payload data
|
# Skip URL encoding of payload data.
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
skipUrlEncode = False
|
skipUrlEncode = False
|
||||||
|
|
||||||
# Parameter used to hold anti-CSRF token
|
# Parameter used to hold anti-CSRF token.
|
||||||
csrfToken =
|
csrfToken =
|
||||||
|
|
||||||
# URL address to visit to extract anti-CSRF token
|
# URL address to visit to extract anti-CSRF token
|
||||||
csrfUrl =
|
csrfUrl =
|
||||||
|
|
||||||
|
# HTTP method to use during anti-CSRF token page visit.
|
||||||
|
csrfMethod =
|
||||||
|
|
||||||
# Force usage of SSL/HTTPS
|
# Force usage of SSL/HTTPS
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
forceSSL = False
|
forceSSL = False
|
||||||
|
|
Loading…
Reference in New Issue
Block a user