From 35893c49b80dc1786f3839c0a9e12fde8e71dd14 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 15 Oct 2019 12:29:39 +0200 Subject: [PATCH] Minor update of vuln-test --- extra/vulnserver/vulnserver.py | 8 ++++++-- lib/core/settings.py | 2 +- lib/core/testing.py | 1 + 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index 1bee82f08..accdaaa84 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -9,6 +9,7 @@ See the file 'LICENSE' for copying permission from __future__ import print_function +import json import re import sqlite3 import sys @@ -99,10 +100,13 @@ class ReqHandler(BaseHTTPRequestHandler): return if hasattr(self, "data"): - params.update(parse_qs(self.data)) + if self.data.startswith('{') and self.data.endswith('}'): + params.update(json.loads(self.data)) + else: + params.update(parse_qs(self.data)) for key in params: - if params[key]: + if params[key] and isinstance(params[key], (tuple, list)): params[key] = params[key][-1] self.url, self.params = path, params diff --git a/lib/core/settings.py b/lib/core/settings.py index b4e6bf30b..5b60c8dc1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.10.15" +VERSION = "1.3.10.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index c63f82c5a..0f3a6c88e 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -75,6 +75,7 @@ def vulnTest(): for options, checks in ( ("--flush-session", ("CloudFlare",)), + ("--flush-session --data='{\"id\": 1}' --banner", ("Payload: {\"id\"", "banner: '3")), ("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")), ("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),