Critical bug patch for --crawl/--forms (introduced last week)

This commit is contained in:
Miroslav Stampar 2019-11-07 16:23:52 +01:00
parent abe31c1fbf
commit 360d89cecc
3 changed files with 23 additions and 9 deletions


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.11.16" VERSION = "1.3.11.17"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -362,6 +362,9 @@ META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</h
# Regular expression used for parsing refresh info from meta html headers # Regular expression used for parsing refresh info from meta html headers
META_REFRESH_REGEX = r'(?si)<head>(?!.*?<noscript.*?</head).*?<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>' META_REFRESH_REGEX = r'(?si)<head>(?!.*?<noscript.*?</head).*?<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>'
# Regular expression used for parsing Javascript redirect request
JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=["\'](?P<result>[^"\']+)'
# Regular expression used for parsing empty fields in tested form data # Regular expression used for parsing empty fields in tested form data
EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=(&|\Z))' EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=(&|\Z))'
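Review bot: The new JAVASCRIPT_HREF_REGEX is stricter than the neighbouring META_REFRESH_REGEX in ways that look unintended: it has no `(?si)` flags, so `<SCRIPT>` or `Location.href` never match; it requires a bare `<script>` tag, so `<script type="text/javascript">` is skipped; and `\s*=["\']` allows whitespace before the `=` but none after, so the common `location.href = "/login"` spelling is missed. A one-line change covers those forms while keeping the same capture group: `JAVASCRIPT_HREF_REGEX = r'(?si)<script[^>]*>\s*(\w+\.)?location\.href\s*=\s*["\'](?P<result>[^"\']+)'`. Note that `[^"\']+` also spans newlines, so a broken or unterminated literal can yield a multi-line "URL"; if that is a concern, `[^"\'\r\n]+` limits the capture to one line.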


@ -98,6 +98,7 @@ from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
from lib.core.settings import IPS_WAF_CHECK_PAYLOAD from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import JAVASCRIPT_HREF_REGEX
from lib.core.settings import LARGE_READ_TRIM_MARKER from lib.core.settings import LARGE_READ_TRIM_MARKER
from lib.core.settings import MAX_CONNECTION_READ_SIZE from lib.core.settings import MAX_CONNECTION_READ_SIZE
from lib.core.settings import MAX_CONNECTIONS_REGEX from lib.core.settings import MAX_CONNECTIONS_REGEX
@ -563,10 +564,16 @@ class Connect(object):
debugMsg = "got HTML meta refresh header" debugMsg = "got HTML meta refresh header"
logger.debug(debugMsg) logger.debug(debugMsg)
if not refresh:
refresh = extractRegexResult(JAVASCRIPT_HREF_REGEX, page)
debugMsg = "got Javascript redirect request"
logger.debug(debugMsg)
if refresh: if refresh:
if kb.alwaysRefresh is None: if kb.alwaysRefresh is None:
msg = "got a refresh request " msg = "got a refresh request "
msg += "(redirect like response common to login pages). " msg += "(redirect like response common to login pages) to '%s'. " % refresh
msg += "Do you want to apply the refresh " msg += "Do you want to apply the refresh "
msg += "from now on (or stay on the original page)? [Y/n]" msg += "from now on (or stay on the original page)? [Y/n]"
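Review bot: The new `if not refresh:` block logs "got Javascript redirect request" unconditionally, even when extractRegexResult() returned nothing, so the debug log now claims a JS redirect on every page without a meta refresh; guard the message the same way the meta-refresh branch above does, e.g. `refresh = extractRegexResult(JAVASCRIPT_HREF_REGEX, page)` followed by `if refresh: logger.debug("got Javascript redirect request")`. Separately, the reworded prompt now interpolates `refresh` into the interactive question, and that value is lifted straight out of the target's response body, so a page can place arbitrary characters (including terminal control sequences) into the console prompt; consider stripping non-printable characters and truncating it for display, or quoting it with `repr()` instead of `'%s'`. The enclosing Connect method starts and ends outside this hunk, so whether `refresh` is later validated before being followed cannot be seen here.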


@ -28,6 +28,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.datatype import OrderedSet from lib.core.datatype import OrderedSet
from lib.core.enums import HTTPMETHOD
from lib.core.enums import MKSTEMP_PREFIX from lib.core.enums import MKSTEMP_PREFIX
from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
@ -116,7 +117,7 @@ def crawl(target):
if (extractRegexResult(r"\A[^?]+\.(?P<result>\w+)(\?|\Z)", url) or "").lower() not in CRAWL_EXCLUDE_EXTENSIONS: if (extractRegexResult(r"\A[^?]+\.(?P<result>\w+)(\?|\Z)", url) or "").lower() not in CRAWL_EXCLUDE_EXTENSIONS:
with kb.locks.value: with kb.locks.value:
threadData.shared.deeper.add(url) threadData.shared.deeper.add(url)
if re.search(r"(.*?)\?(.+)", url): if re.search(r"(.*?)\?(.+)", url) and not re.search(r"\?\d+\Z", url):
threadData.shared.value.add(url) threadData.shared.value.add(url)
except UnicodeEncodeError: # for non-HTML files except UnicodeEncodeError: # for non-HTML files
pass pass
@ -211,12 +212,15 @@ def crawl(target):
results = OrderedSet() results = OrderedSet()
for target in kb.targets: for target in kb.targets:
match = re.search(r"/[^/?]*\?.*\Z", target[0]) if target[1] == HTTPMETHOD.GET:
if match: match = re.search(r"/[^/?]*\?.*\Z", target[0])
key = re.sub(r"=[^=&]*", "=", match.group(0)) if match:
if key not in seen: key = re.sub(r"=[^=&]*", "=", match.group(0))
results.add(target) if key not in seen:
seen.add(key) results.add(target)
seen.add(key)
else:
results.add(target)
kb.targets = results kb.targets = results
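Review bot: The added `and not re.search(r"\?\d+\Z", url)` in the first crawl() hunk encodes a deliberate exclusion that a reader cannot recover from the regex alone; a short why-comment on that line would help, e.g. `# skip URLs whose whole query string is a bare number (e.g. cache-busting "?1573140000"): there is no parameter to test`. In the dedup hunk, targets whose method is anything other than HTTPMETHOD.GET now bypass the parameter-name key entirely; if any caller stores plain GET targets with a method of `None` (which this hunk does not show), they would also skip the dedup, so `if target[1] in (None, HTTPMETHOD.GET):` may be the safer test — worth confirming against how kb.targets is populated. The `seen` set and the surrounding part of crawl() are defined outside the hunk.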