	Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
							parent
							
								
									c61ee5e5ef
								
							
						
					
					
						commit
						33094a118c
					
				|  | @ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                             kb.matchRatio = None |                             kb.matchRatio = None | ||||||
|                             kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE) |                             kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE) | ||||||
|                             Request.queryPage(genCmpPayload(), place, raise404=False) |                             Request.queryPage(genCmpPayload(), place, raise404=False) | ||||||
|                             falsePage = threadData.lastComparisonPage or "" |                             falseContent = threadData.lastComparisonContent | ||||||
| 
 | 
 | ||||||
|                             # Perform the test's True request |                             # Perform the test's True request | ||||||
|                             trueResult = Request.queryPage(reqPayload, place, raise404=False) |                             trueResult = Request.queryPage(reqPayload, place, raise404=False) | ||||||
|                             truePage = threadData.lastComparisonPage or "" |                             trueContent = threadData.lastComparisonContent | ||||||
| 
 | 
 | ||||||
|                             if trueResult: |                             if trueResult: | ||||||
|                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) |                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) | ||||||
|  | @ -377,11 +377,11 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                                     injectable = True |                                     injectable = True | ||||||
| 
 | 
 | ||||||
|                             if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable: |                             if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable: | ||||||
|                                 trueSet = set(extractTextTagContent(truePage)) |                                 trueSet = set(extractTextTagContent(trueContent)) | ||||||
|                                 falseSet = set(extractTextTagContent(falsePage)) |                                 falseSet = set(extractTextTagContent(falseContent)) | ||||||
|                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet))) |                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet))) | ||||||
|                                 if candidates: |                                 if candidates: | ||||||
|                                     conf.string = random.sample(candidates, 1)[0] |                                     conf.string = candidates[0] | ||||||
|                                     infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'")) |                                     infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'")) | ||||||
|                                     logger.info(infoMsg) |                                     logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
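Review bot: The `falseContent` and `trueContent` reads drop the `or ""` fallback the old `lastComparisonPage` reads carried, so if `threadData.lastComparisonContent` is still its `None` initial value (the comparison is only refreshed under `kb.testMode or any((conf.string, conf.notString, conf.regexp))`, and whether `kb.testMode` is set on this path is not visible here) `extractTextTagContent(None)` and `_.strip() not in falseContent` raise a `TypeError` instead of simply yielding no candidates; keep `threadData.lastComparisonContent or ""` on both lines. Because the value is refreshed only inside `_comparison`, a request that never reaches the comparison presumably leaves the previous request's headers+body in place, so the true and false sets can silently be built from the same buffer — worth a comment at the `falseContent` read. Separately, `filter(None, <genexpr>)` followed by `candidates[0]` relies on `filter` returning a list; the equivalent `candidates = [_.strip() for _ in (trueSet - falseSet) if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent]` keeps `if candidates:` meaningful and does not break once `filter` is lazy, while a comment should note that `candidates[0]` of a set difference is still an arbitrary pick, not a stable one. The enclosing `checkSqlInjection` starts and ends outside the hunk.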
|  | @ -41,7 +41,7 @@ class _ThreadData(threading.local): | ||||||
|         self.disableStdOut = False |         self.disableStdOut = False | ||||||
|         self.hashDBCursor = None |         self.hashDBCursor = None | ||||||
|         self.inTransaction = False |         self.inTransaction = False | ||||||
|         self.lastComparisonPage = None |         self.lastComparisonContent = None | ||||||
|         self.lastErrorPage = None |         self.lastErrorPage = None | ||||||
|         self.lastHTTPError = None |         self.lastHTTPError = None | ||||||
|         self.lastRedirectMsg = None |         self.lastRedirectMsg = None | ||||||
|  |  | ||||||
|  | @ -46,8 +46,8 @@ def _adjust(condition, getRatioValue): | ||||||
| def _comparison(page, headers, code, getRatioValue, pageLength): | def _comparison(page, headers, code, getRatioValue, pageLength): | ||||||
|     threadData = getCurrentThreadData() |     threadData = getCurrentThreadData() | ||||||
| 
 | 
 | ||||||
|     if kb.testMode: |     if kb.testMode or any((conf.string, conf.notString, conf.regexp)): | ||||||
|         threadData.lastComparisonPage = page |         threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "") | ||||||
| 
 | 
 | ||||||
|     if page is None and pageLength is None: |     if page is None and pageLength is None: | ||||||
|         return None |         return None | ||||||
|  | @ -55,20 +55,17 @@ def _comparison(page, headers, code, getRatioValue, pageLength): | ||||||
|     seqMatcher = threadData.seqMatcher |     seqMatcher = threadData.seqMatcher | ||||||
|     seqMatcher.set_seq1(kb.pageTemplate) |     seqMatcher.set_seq1(kb.pageTemplate) | ||||||
| 
 | 
 | ||||||
|     if any((conf.string, conf.notString, conf.regexp)): |     # String to match in page when the query is True and/or valid | ||||||
|         rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) |     if conf.string: | ||||||
|  |         return conf.string in threadData.lastComparisonContent | ||||||
| 
 | 
 | ||||||
|         # String to match in page when the query is True and/or valid |     # String to match in page when the query is False and/or invalid | ||||||
|         if conf.string: |     if conf.notString: | ||||||
|             return conf.string in rawResponse |         return conf.notString not in threadData.lastComparisonContent | ||||||
| 
 | 
 | ||||||
|         # String to match in page when the query is False and/or invalid |     # Regular expression to match in page when the query is True and/or valid | ||||||
|         if conf.notString: |     if conf.regexp: | ||||||
|             return conf.notString not in rawResponse |         return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None | ||||||
| 
 |  | ||||||
|         # Regular expression to match in page when the query is True and/or valid |  | ||||||
|         if conf.regexp: |  | ||||||
|             return re.search(conf.regexp, rawResponse, re.I | re.M) is not None |  | ||||||
| 
 | 
 | ||||||
|     # HTTP code to match when the query is valid |     # HTTP code to match when the query is valid | ||||||
|     if conf.code: |     if conf.code: | ||||||
|  |  | ||||||
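Review bot: The assignment to `threadData.lastComparisonContent` now forms an undocumented contract with `checkSqlInjection`, which reads that thread-local for automatic `--string` picking only when none of the three options is set, i.e. it depends on `kb.testMode` being true on that path; a comment at the assignment should make this explicit, e.g. `# headers + body of the last response; refreshed only in test mode or when --string/--not-string/--regexp is set (checkSqlInjection's auto --string picking reads it and relies on kb.testMode)`. The `page or ""` here also quietly fixes the old `rawResponse` concatenating the literal `None` when `page` was `None`, which is worth stating in the commit or a comment so it is not undone later. The `headers.headers` read presumably targets the Python 2 `httplib.HTTPMessage` attribute and would need hedging if the response object type ever changes. `_comparison` continues past the hunk (the `conf.code` branch and the ratio comparison are outside it).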