	Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
This commit is contained in:
		
							parent
							
								
									c61ee5e5ef
								
							
						
					
					
						commit
						33094a118c
					
				|  | @ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value): | |||
|                             kb.matchRatio = None | ||||
|                             kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE) | ||||
|                             Request.queryPage(genCmpPayload(), place, raise404=False) | ||||
|                             falsePage = threadData.lastComparisonPage or "" | ||||
|                             falseContent = threadData.lastComparisonContent | ||||
| 
 | ||||
|                             # Perform the test's True request | ||||
|                             trueResult = Request.queryPage(reqPayload, place, raise404=False) | ||||
|                             truePage = threadData.lastComparisonPage or "" | ||||
|                             trueContent = threadData.lastComparisonContent | ||||
| 
 | ||||
|                             if trueResult: | ||||
|                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) | ||||
|  | @ -377,11 +377,11 @@ def checkSqlInjection(place, parameter, value): | |||
|                                     injectable = True | ||||
| 
 | ||||
|                             if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable: | ||||
|                                 trueSet = set(extractTextTagContent(truePage)) | ||||
|                                 falseSet = set(extractTextTagContent(falsePage)) | ||||
|                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet))) | ||||
|                                 trueSet = set(extractTextTagContent(trueContent)) | ||||
|                                 falseSet = set(extractTextTagContent(falseContent)) | ||||
|                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet))) | ||||
|                                 if candidates: | ||||
|                                     conf.string = random.sample(candidates, 1)[0] | ||||
|                                     conf.string = candidates[0] | ||||
|                                     infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'")) | ||||
|                                     logger.info(infoMsg) | ||||
| 
 | ||||
|  |  | |||
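Review bot: The `or ""` guard that the removed `truePage`/`falsePage` lines carried is dropped on the new `trueContent`/`falseContent` lines, so when `threadData.lastComparisonContent` is still `None` (its initial value in `_ThreadData`, refreshed by `_comparison` only while `kb.testMode` or one of the string/regexp options is set) the `extractTextTagContent(...)` calls and the `_.strip() not in falseContent` test raise `TypeError`; `falseContent = threadData.lastComparisonContent or ""` and `trueContent = threadData.lastComparisonContent or ""` keep the previous behaviour. The new `conf.string = candidates[0]` also relies on `filter()` returning a list, which holds on Python 2 (the `repr(...).lstrip('u')` on the info line suggests that is the target) but not on Python 3, where `filter` yields an always-truthy, non-subscriptable iterator and both `if candidates:` and `candidates[0]` would misbehave; `candidates = [_.strip() for _ in (trueSet - falseSet) if _.strip() and _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent]` is equivalent on both. checkSqlInjection's body starts before and continues after both hunks.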
|  | @ -41,7 +41,7 @@ class _ThreadData(threading.local): | |||
|         self.disableStdOut = False | ||||
|         self.hashDBCursor = None | ||||
|         self.inTransaction = False | ||||
|         self.lastComparisonPage = None | ||||
|         self.lastComparisonContent = None | ||||
|         self.lastErrorPage = None | ||||
|         self.lastHTTPError = None | ||||
|         self.lastRedirectMsg = None | ||||
|  |  | |||
|  | @ -46,8 +46,8 @@ def _adjust(condition, getRatioValue): | |||
| def _comparison(page, headers, code, getRatioValue, pageLength): | ||||
|     threadData = getCurrentThreadData() | ||||
| 
 | ||||
|     if kb.testMode: | ||||
|         threadData.lastComparisonPage = page | ||||
|     if kb.testMode or any((conf.string, conf.notString, conf.regexp)): | ||||
|         threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "") | ||||
| 
 | ||||
|     if page is None and pageLength is None: | ||||
|         return None | ||||
|  | @ -55,20 +55,17 @@ def _comparison(page, headers, code, getRatioValue, pageLength): | |||
|     seqMatcher = threadData.seqMatcher | ||||
|     seqMatcher.set_seq1(kb.pageTemplate) | ||||
| 
 | ||||
|     if any((conf.string, conf.notString, conf.regexp)): | ||||
|         rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) | ||||
|     # String to match in page when the query is True and/or valid | ||||
|     if conf.string: | ||||
|         return conf.string in threadData.lastComparisonContent | ||||
| 
 | ||||
|         # String to match in page when the query is True and/or valid | ||||
|         if conf.string: | ||||
|             return conf.string in rawResponse | ||||
|     # String to match in page when the query is False and/or invalid | ||||
|     if conf.notString: | ||||
|         return conf.notString not in threadData.lastComparisonContent | ||||
| 
 | ||||
|         # String to match in page when the query is False and/or invalid | ||||
|         if conf.notString: | ||||
|             return conf.notString not in rawResponse | ||||
| 
 | ||||
|         # Regular expression to match in page when the query is True and/or valid | ||||
|         if conf.regexp: | ||||
|             return re.search(conf.regexp, rawResponse, re.I | re.M) is not None | ||||
|     # Regular expression to match in page when the query is True and/or valid | ||||
|     if conf.regexp: | ||||
|         return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None | ||||
| 
 | ||||
|     # HTTP code to match when the query is valid | ||||
|     if conf.code: | ||||
|  |  | |||
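Review bot: The new `threadData.lastComparisonContent` assignment folds the raw response headers into the text that `--string`, `--not-string` and `--regexp` are matched against, which is the point of the commit but is stated nowhere in the code; a why-comment above it, e.g. `# headers are prepended to the body so that --string/--not-string/--regexp are also checked against response headers`, would save the next reader from re-deriving it. Headers and body are joined with `"%s%s"` and no explicit separator, so whether a user pattern can match across the header/body boundary depends on what `listToStrValue` emits at the end of the list — worth confirming and, if it emits no trailing newline, joining with `"%s\n%s"` instead. The later `if conf.string:` / `if conf.notString:` / `if conf.regexp:` branches read `threadData.lastComparisonContent` unconditionally, which is only safe because any of those options being set guarantees the `any(...)` condition above ran in the same call; a one-line comment noting that invariant would make the coupling explicit. _comparison's body continues past the hunk.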