DREI patch for --forms

Miroslav Stampar 2019-05-06 16:38:18 +02:00
parent c5a2567033
commit 321cddebe0
3 changed files with 15 additions and 12 deletions


@ -4232,13 +4232,13 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
""" """
Parses given page content for possible forms (Note: still not implemented for Python3) Parses given page content for possible forms (Note: still not implemented for Python3)
>> findPageForms('<html><form action="/input.php" method="POST"><input type="text" name="id" value="1"><input type="submit" value="Submit"></form></html>', '') >>> findPageForms('<html><form action="/input.php" method="POST"><input type="text" name="id" value="1"><input type="submit" value="Submit"></form></html>', 'http://www.site.com') == set([('http://www.site.com/input.php', 'POST', 'id=1', None, None)])
set([(u'/input.php', 'POST', u'id=1', None, None)]) True
""" """
class _(io.BytesIO): class _(six.StringIO):
def __init__(self, content, url): def __init__(self, content, url):
io.BytesIO.__init__(self, getBytes(content, kb.pageEncoding)) six.StringIO.__init__(self, content)
self._url = url self._url = url
def geturl(self): def geturl(self):
@ -4303,7 +4303,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
else: else:
url = urldecode(request.get_full_url(), kb.pageEncoding) url = urldecode(request.get_full_url(), kb.pageEncoding)
method = request.get_method() method = request.get_method()
data = request.get_data() if request.has_data() else None data = request.data
data = urldecode(data, kb.pageEncoding, spaceplus=False) data = urldecode(data, kb.pageEncoding, spaceplus=False)
if not data and method and method.upper() == HTTPMETHOD.POST: if not data and method and method.upper() == HTTPMETHOD.POST:
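Review bot: The helper class `_` in findPageForms now passes `content` straight to `six.StringIO.__init__`, so on Python 3 a bytes page body would raise TypeError, where the old `getBytes(content, kb.pageEncoding)` call normalised the input first. The updated doctest only exercises a str literal, so it does not cover that case. If callers can pass an undecoded response body (not visible in these hunks), decode it before the constructor call, or state the requirement next to it with a comment such as `# content must be decoded text; io.StringIO rejects bytes on Python 3`. The docstring's "still not implemented for Python3" note may also need revisiting once this path works there. findPageForms begins and ends outside both hunks.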


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty import six from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.30" VERSION = "1.3.5.31"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -94,10 +94,12 @@ else:
_logger.addHandler(handler) _logger.addHandler(handler)
try: try:
from thirdparty import six
from thirdparty.six.moves import cStringIO as _cStringIO from thirdparty.six.moves import cStringIO as _cStringIO
from thirdparty.six.moves import html_entities as _html_entities from thirdparty.six.moves import html_entities as _html_entities
from thirdparty.six.moves import urllib as _urllib from thirdparty.six.moves import urllib as _urllib
except ImportError: except ImportError:
import six
from six.moves import cStringIO as _cStringIO from six.moves import cStringIO as _cStringIO
from six.moves import html_entities as _html_entities from six.moves import html_entities as _html_entities
from six.moves import urllib as _urllib from six.moves import urllib as _urllib
@ -173,7 +175,7 @@ string.
# non-sequence items should not work with len() # non-sequence items should not work with len()
x = len(query) x = len(query)
# non-empty strings will fail this # non-empty strings will fail this
if len(query) and type(query[0]) != types.TupleType: if len(query) and type(query[0]) != tuple:
raise TypeError() raise TypeError()
# zero-length sequences of all types will get here and succeed, # zero-length sequences of all types will get here and succeed,
# but that's a minor nit - since the original implementation # but that's a minor nit - since the original implementation
@ -246,7 +248,7 @@ def unescape_charref(data, encoding):
name, base= name[1:], 16 name, base= name[1:], 16
elif not name.isdigit(): elif not name.isdigit():
base = 16 base = 16
uc = unichr(int(name, base)) uc = six.unichr(int(name, base))
if encoding is None: if encoding is None:
return uc return uc
else: else:
@ -270,7 +272,7 @@ def get_entitydefs():
entitydefs["&%s;" % name] = uc entitydefs["&%s;" % name] = uc
else: else:
for name, codepoint in _html_entities.name2codepoint.items(): for name, codepoint in _html_entities.name2codepoint.items():
entitydefs["&%s;" % name] = unichr(codepoint) entitydefs["&%s;" % name] = six.unichr(codepoint)
return entitydefs return entitydefs
@ -1126,7 +1128,7 @@ def _ParseFileEx(file, base_uri,
if action is None: if action is None:
action = base_uri action = base_uri
else: else:
action = unicode(action, "utf8") if action and not isinstance(action, unicode) else action action = six.text_type(action, "utf8") if action and isinstance(action, six.binary_type) else action
action = _urljoin(base_uri, action) action = _urljoin(base_uri, action)
# would be nice to make HTMLForm class (form builder) pluggable # would be nice to make HTMLForm class (form builder) pluggable
form = HTMLForm( form = HTMLForm(
@ -1321,8 +1323,8 @@ class ScalarControl(Control):
self.__dict__["type"] = type.lower() self.__dict__["type"] = type.lower()
self.__dict__["name"] = name self.__dict__["name"] = name
self._value = attrs.get("value") self._value = attrs.get("value")
self.disabled = attrs.has_key("disabled") self.disabled = "disabled" in attrs
self.readonly = attrs.has_key("readonly") self.readonly = "readonly" in attrs
self.id = attrs.get("id") self.id = attrs.get("id")
self.attrs = attrs.copy() self.attrs = attrs.copy()
@ -3398,6 +3400,7 @@ class HTMLForm:
return self._request_data() return self._request_data()
else: else:
req_data = self._request_data() req_data = self._request_data()
req = request_class(req_data[0], req_data[1]) req = request_class(req_data[0], req_data[1])
for key, val in req_data[2]: for key, val in req_data[2]:
add_hdr = req.add_header add_hdr = req.add_header
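Review bot: In unescape_charref, `uc = six.unichr(int(name, base))` converts a numeric character reference taken from the parsed page with no range or format guard visible in the hunk. The page is remote, untrusted HTML, so a reference above U+10FFFF or with non-hex digits would raise ValueError (OverflowError for very large values), and one malformed entity could abort form parsing for the whole page unless a caller outside this hunk catches it. Consider substituting the replacement character instead: `try: uc = six.unichr(int(name, base))` followed by `except (ValueError, OverflowError): uc = six.unichr(0xFFFD)`. The function body starts and ends outside the hunk, so an existing handler may already cover this.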