sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

update regarding explicit testing of ua and referer when using -p

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-13 21:58:48 +00:00
parent 429ab631fe
commit 50d25c3b4d
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/controller/controller.py
View File

@ -22,6 +22,7 @@ from lib.controller.checks import simpletonCheckSqlInjection
from lib.core.agent import agent
from lib.core.common import getFilteredPageContent
from lib.core.common import getUnicode
from lib.core.common import intersect
from lib.core.common import paramToDict
from lib.core.common import parseTargetUrl
from lib.core.common import readInput
@ -38,6 +39,8 @@ from lib.core.exception import sqlmapSilentQuitException
from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setInjection
from lib.core.settings import REFERER_ALIASES
from lib.core.settings import USER_AGENT_ALIASES
from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv
from extra.pagerank.pagerank import get_pagerank
@ -309,6 +312,9 @@ def start():
# Test Cookie header only if --level >= 2
condition |= (place == PLACE.COOKIE and conf.level < 2)
condition &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter))
condition &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter))
if condition:
continue

3
lib/core/settings.py
View File

@ -147,6 +147,9 @@ SYBASE_ALIASES = [ "sybase", "sybase sql server" ]
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
SUPPORTED_OS = ( "linux", "windows" )
REFERER_ALIASES = ( "ref", "referer", "referrer" )
USER_AGENT_ALIASES = ( "ua", "useragent", "user-agent" )
FROM_TABLE = {
DBMS.ORACLE: " FROM DUAL",
DBMS.ACCESS: " FROM MSysObjects",

15
lib/core/target.py
View File

@ -14,6 +14,7 @@ import tempfile
import time
from lib.core.common import dataToSessionFile
from lib.core.common import intersect
from lib.core.common import paramToDict
from lib.core.common import readInput
from lib.core.convert import urldecode
@ -31,9 +32,11 @@ from lib.core.exception import sqlmapSyntaxException
from lib.core.option import __setDBMS
from lib.core.option import __setKnowledgeBaseAttributes
from lib.core.session import resumeConfKb
from lib.core.settings import REFERER_ALIASES
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URI_INJECTABLE_REGEX
from lib.core.settings import URI_INJECTION_MARK_CHAR
from lib.core.settings import USER_AGENT_ALIASES
from lib.core.xmldump import dumper as xmldumper
from lib.request.connect import Connect as Request
@ -113,11 +116,7 @@ def __setRequestParams():
# No need for url encoding/decoding the user agent
conf.parameters[PLACE.UA] = urldecode(headerValue)
condition = not conf.testParameter
condition |= PLACE.UA in conf.testParameter
condition |= "user-agent" in conf.testParameter
condition |= "useragent" in conf.testParameter
condition |= "ua" in conf.testParameter
condition = any([not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)])
if condition:
conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
@ -127,11 +126,7 @@ def __setRequestParams():
# No need for url encoding/decoding the referer
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
condition = not conf.testParameter
condition |= PLACE.REFERER in conf.testParameter
condition |= "referer" in conf.testParameter
condition |= "referrer" in conf.testParameter
condition |= "ref" in conf.testParameter
condition = any([not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)])
if condition:
conf.paramDict[PLACE.REFERER] = { PLACE.REFERER: headerValue }