diff --git a/lib/core/agent.py b/lib/core/agent.py
index fd79a2170..de9dc2b38 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
+import base64
 import re
 from lib.core.common import Backend
@@ -164,6 +165,11 @@ class Agent(object):
 newValue = self.cleanupPayload(newValue, origValue)
+ if re.sub(r" \(.+", "", parameter) in conf.base64Parameter:
+ # TODO: support for POST_HINT
+ newValue = base64.b64encode(newValue)
+ origValue = base64.b64encode(origValue)
+
 if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
 _ = "%s%s" % (origValue, kb.customInjectionMark)
 if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
diff --git a/lib/core/common.py b/lib/core/common.py
index 718220476..3270723d0 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -603,7 +603,20 @@ def paramToDict(place, parameters=None):
 condition |= place == PLACE.COOKIE and len(intersect((PLACE.COOKIE,), conf.testParameter, True)) > 0
 if condition:
- testableParameters[parameter] = "=".join(parts[1:])
+ value = "=".join(parts[1:])
+
+ if parameter in (conf.base64Parameter or []):
+ try:
+ oldValue = value
+ value = value.decode("base64")
+ parameters = re.sub(r"\b%s\b" % re.escape(oldValue), value, parameters)
+ except:
+ errMsg = "parameter '%s' does not contain " % parameter
+ errMsg += "valid Base64 encoded value ('%s')" % value
+ raise SqlmapValueException(errMsg)
+
+ testableParameters[parameter] = value
+
 if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):
 _ = urldecode(testableParameters[parameter], convall=True)
 if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
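Review bot: `base64.b64encode(newValue)` and `base64.b64encode(origValue)` are applied directly to the text values `cleanupPayload` returns; on Python 3 `b64encode` accepts only bytes-like input and raises `TypeError`, so if this path is meant to run there the values need to be converted to bytes first and the result decoded back to text before it is spliced into the request. The encoded output also contains `+`, `/` and `=`, which are significant in query strings and form bodies, and nothing in this hunk URL-encodes them, so it is worth confirming the caller does or the injected value may arrive altered. The `# TODO: support for POST_HINT` comment would be more useful if it said which hint values are known to be wrong here, since the JSON check a few lines down still runs on the re-encoded value. The enclosing method starts and ends outside the hunk.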
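Review bot: On the `parameters = re.sub(...)` line the decoded `value` is used as a replacement string, so any backslash in the decoded content is interpreted as an escape or group reference; that either raises `re.error`, which the bare `except:` then reports as an invalid Base64 value, or silently changes the spliced-in text, and a callable avoids both: `parameters = re.sub(r"\b%s\b" % re.escape(oldValue), lambda _: value, parameters)`. The `\b` anchors are also unreliable for Base64 input because `=` padding, `+` and `/` are non-word characters, so a value such as `YQ==` followed by `&` has no word boundary, the substitution silently does nothing, and `testableParameters[parameter]` still receives the decoded value. `str.decode("base64")` exists only on Python 2; `base64.b64decode(value)` is the portable call (adding the import if common.py lacks it), after which the bare `except:`, which also swallows `KeyboardInterrupt`, can be narrowed to `except (binascii.Error, TypeError, ValueError):`. `paramToDict` begins and ends outside the hunk.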
diff --git a/lib/core/option.py b/lib/core/option.py
index 62cb66cc0..3794cb1ae 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1613,6 +1613,13 @@ def _cleanupOptions():
 else:
 conf.testParameter = []
+ if conf.base64Parameter:
+ conf.base64Parameter = urldecode(conf.base64Parameter)
+ conf.base64Parameter = conf.base64Parameter.replace(" ", "")
+ conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, conf.base64Parameter)
+ else:
+ conf.base64Parameter = []
+
 if conf.agent:
 conf.agent = re.sub(r"[\r\n]", "", conf.agent)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index bd4a25fbe..653ef30d9 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.4.13"
+VERSION = "1.3.4.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 1fe1b0db4..798fbb4cf 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -681,6 +681,10 @@ def cmdLineParser(argv=None):
 help="Simple wizard interface for beginner users")
 # Hidden and/or experimental options
+ parser.add_option("--base64", dest="base64Parameter",
+ help=SUPPRESS_HELP)
+# help="Parameter(s) containing Base64 encoded values")
+
 parser.add_option("--crack", dest="hashFile",
 help=SUPPRESS_HELP)
 # help="Load and crack hashes from a file (standalone)")
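Review bot: The three successive reassignments of `conf.base64Parameter` would read as a single expression, `conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, urldecode(conf.base64Parameter).replace(" ", ""))`, matching the one-step style of the `conf.agent` normalisation just below. Because the `else` branch guarantees a list, the same default the `conf.testParameter` branch above falls back to, the `(conf.base64Parameter or [])` guard in the lib/core/common.py hunk becomes redundant once this runs, and a plain `in conf.base64Parameter` there would be consistent with the test in lib/core/agent.py. A short comment stating that names are compared after URL-decoding and space removal would help, since a mismatch simply means no decoding happens. `_cleanupOptions` begins and ends outside the hunk.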