implementation of referer feature

Miroslav Stampar 2011-02-11 23:07:03 +00:00
parent a6ab24e0b5
commit 535eb9f3eb
6 changed files with 31 additions and 7 deletions


@ -399,6 +399,8 @@ def checkSqlInjection(place, parameter, value):
if injection.place is None or injection.parameter is None: if injection.place is None or injection.parameter is None:
if place == PLACE.UA: if place == PLACE.UA:
injection.parameter = conf.agent injection.parameter = conf.agent
elif place == PLACE.REFERER:
injection.parameter = conf.referer
else: else:
injection.parameter = parameter injection.parameter = parameter


@ -108,7 +108,7 @@ class Agent:
retValue = ET.tostring(root) retValue = ET.tostring(root)
elif place == PLACE.URI: elif place == PLACE.URI:
retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue)) retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
elif place == PLACE.UA: elif place in (PLACE.UA, PLACE.REFERER):
retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
else: else:
retValue = paramString.replace("%s=%s" % (parameter, origValue), retValue = paramString.replace("%s=%s" % (parameter, origValue),


@ -41,6 +41,7 @@ class PLACE:
URI = "URI" URI = "URI"
COOKIE = "Cookie" COOKIE = "Cookie"
UA = "User-Agent" UA = "User-Agent"
REFERER = "Referer"
class HTTPMETHOD: class HTTPMETHOD:
GET = "GET" GET = "GET"


@ -123,6 +123,20 @@ def __setRequestParams():
conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue } conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
__testableParameters = True __testableParameters = True
elif httpHeader == PLACE.REFERER:
# No need for url encoding/decoding the referer
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
condition = not conf.testParameter
condition |= PLACE.REFERER in conf.testParameter
condition |= "referer" in conf.testParameter
condition |= "referrer" in conf.testParameter
condition |= "ref" in conf.testParameter
if condition:
conf.paramDict[PLACE.REFERER] = { PLACE.REFERER: headerValue }
__testableParameters = True
if not conf.parameters: if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie " errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent header" errMsg += "parameter, neither an User-Agent header"
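Review bot: The comment `# No need for url encoding/decoding the referer` contradicts the line below it, which stores `urldecode(headerValue)` in `conf.parameters[PLACE.REFERER]` while `conf.paramDict[PLACE.REFERER]` keeps the raw `headerValue`. If the supplied Referer contains percent-encoded characters the two values differ, and the `paramString.replace(origValue, ...)` in the `place in (PLACE.UA, PLACE.REFERER)` branch of the Agent hunk would presumably find nothing to replace, so the header would be reported as tested although no payload was placed in it. Either store the raw value, `conf.parameters[PLACE.REFERER] = headerValue`, or correct the comment and use the decoded value in both dictionaries. The `errMsg` text after the new branch still names only GET, POST, Cookie and User-Agent and should mention the Referer header as well. `__setRequestParams` starts and ends outside the hunk.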


@ -30,9 +30,9 @@ from lib.core.settings import UNICODE_ENCODING
from lib.parse.headers import headersParser from lib.parse.headers import headersParser
from lib.parse.html import htmlParser from lib.parse.html import htmlParser
def forgeHeaders(cookie, ua): def forgeHeaders(cookie, ua, referer):
""" """
Prepare HTTP Cookie and HTTP User-Agent headers to use when performing Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
the HTTP requests the HTTP requests
""" """
@ -43,6 +43,8 @@ def forgeHeaders(cookie, ua):
headers[header] = cookie headers[header] = cookie
elif ua and header == "User-Agent": elif ua and header == "User-Agent":
headers[header] = ua headers[header] = ua
elif referer and header == "Referer":
headers[header] = referer
else: else:
headers[header] = value headers[header] = value
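Review bot: `referer` is added to `forgeHeaders` as a required third positional argument, so any caller still passing two arguments fails with a TypeError; the only call site updated in this commit is the one in the Connect hunk. Declaring it as `def forgeHeaders(cookie, ua, referer=None):` keeps other call sites working. The `elif referer and header == "Referer"` branch appears to apply only when a Referer header is already among the headers being iterated, which is worth one sentence in the docstring. The body of `forgeHeaders` continues outside both hunks.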


@ -82,6 +82,7 @@ class Connect:
method = kwargs.get('method', None) method = kwargs.get('method', None)
cookie = kwargs.get('cookie', None) cookie = kwargs.get('cookie', None)
ua = kwargs.get('ua', None) ua = kwargs.get('ua', None)
referer = kwargs.get('referer', None)
direct = kwargs.get('direct', False) direct = kwargs.get('direct', False)
multipart = kwargs.get('multipart', False) multipart = kwargs.get('multipart', False)
silent = kwargs.get('silent', False) silent = kwargs.get('silent', False)
@ -139,7 +140,7 @@ class Connect:
requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
# Perform HTTP request # Perform HTTP request
headers = forgeHeaders(cookie, ua) headers = forgeHeaders(cookie, ua, referer)
if conf.realTest: if conf.realTest:
headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname) headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname)
@ -383,6 +384,7 @@ class Connect:
post = None post = None
cookie = None cookie = None
ua = None ua = None
referer = None
page = None page = None
pageLength = None pageLength = None
uri = None uri = None
@ -424,6 +426,9 @@ class Connect:
if PLACE.UA in conf.parameters: if PLACE.UA in conf.parameters:
ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
if PLACE.REFERER in conf.parameters:
referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value
if PLACE.URI in conf.parameters: if PLACE.URI in conf.parameters:
uri = conf.url if place != PLACE.URI or not value else value uri = conf.url if place != PLACE.URI or not value else value
else: else:
@ -443,7 +448,7 @@ class Connect:
if conf.safUrl and conf.saFreq > 0: if conf.safUrl and conf.saFreq > 0:
kb.queryCounter += 1 kb.queryCounter += 1
if kb.queryCounter % conf.saFreq == 0: if kb.queryCounter % conf.saFreq == 0:
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua) Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer)
start = time.time() start = time.time()
@ -456,7 +461,7 @@ class Connect:
auxHeaders["Range"] = "bytes=-1" auxHeaders["Range"] = "bytes=-1"
_, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404) _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
if kb.nullConnection == NULLCONNECTION.HEAD and 'Content-Length' in headers: if kb.nullConnection == NULLCONNECTION.HEAD and 'Content-Length' in headers:
pageLength = int(headers['Content-Length']) pageLength = int(headers['Content-Length'])
@ -464,7 +469,7 @@ class Connect:
pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:]) pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:])
if not pageLength: if not pageLength:
page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare) page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastQueryDuration = calculateDeltaSeconds(start)
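Review bot: With `conf.realTest` set, the line `headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname)` directly after `forgeHeaders(cookie, ua, referer)` overwrites the value that was just forged, so in that mode the Referer under test never reaches the server and the header would be reported as unaffected. Guard the override, for example `if conf.realTest and not referer:`, or document that Referer testing is not available under `realTest`. Separately, the safe-URL call now receives `referer=referer`, which is the modified value whenever `place == PLACE.REFERER` and `value` is set, as is already the case for `ua`; consider passing the original `conf.parameters[PLACE.REFERER]` to that request instead. The enclosing methods start and end outside these hunks.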