From 633638932216fb56ee8cefb475e4828fe5608c8a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 24 Jan 2023 12:00:23 +0100 Subject: [PATCH] Another update for #5295 --- lib/core/option.py | 11 ++++++++++- lib/core/optiondict.py | 1 + lib/core/settings.py | 2 +- lib/parse/cmdline.py | 5 ++++- lib/request/connect.py | 10 ++++++++++ sqlmap.conf | 6 +++++- 6 files changed, 31 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 3bf0367ee..72d834d07 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1696,11 +1696,20 @@ def _cleanupOptions(): try: conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)] except ValueError: - errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD + errMsg = "option '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD raise SqlmapSyntaxException(errMsg) else: conf.ignoreCode = [] + if conf.abortCode: + try: + conf.abortCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.abortCode)] + except ValueError: + errMsg = "option '--abort-code' should contain a list of integer values" + raise SqlmapSyntaxException(errMsg) + else: + conf.abortCode = [] + if conf.paramFilter: conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())] else: diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index c28eca013..761ee9955 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -39,6 +39,7 @@ optDict = { "authType": "string", "authCred": "string", "authFile": "string", + "abortCode": "string", "ignoreCode": "string", "ignoreProxy": "boolean", "ignoreRedirects": "boolean", diff --git a/lib/core/settings.py b/lib/core/settings.py index ef5b581d8..f20420b07 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.1.9" +VERSION = "1.7.1.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 383fba066..e16e8223a 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -201,8 +201,11 @@ def cmdLineParser(argv=None): request.add_argument("--auth-file", dest="authFile", help="HTTP authentication PEM cert/private key file") + request.add_argument("--abort-code", dest="abortCode", + help="Abort on (problematic) HTTP error code(s) (e.g. 401)") + request.add_argument("--ignore-code", dest="ignoreCode", - help="Ignore (problematic) HTTP error code (e.g. 401)") + help="Ignore (problematic) HTTP error code(s) (e.g. 401)") request.add_argument("--ignore-proxy", dest="ignoreProxy", action="store_true", help="Ignore system default proxy settings") diff --git a/lib/request/connect.py b/lib/request/connect.py index ffc06ad96..6c27a267e 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -767,6 +767,11 @@ class Connect(object): if not multipart: logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + if code in conf.abortCode: + errMsg = "aborting due to detected HTTP code '%d'" % code + singleTimeLogMessage(errMsg, logging.CRITICAL) + raise SystemExit + if ex.code not in (conf.ignoreCode or []): if ex.code == _http_client.UNAUTHORIZED: errMsg = "not authorized, try to provide right HTTP " @@ -921,6 +926,11 @@ class Connect(object): errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex)) raise SqlmapGenericException(errMsg) + if code in conf.abortCode: + errMsg = "aborting due to detected HTTP code '%d'" % code + singleTimeLogMessage(errMsg, logging.CRITICAL) + raise SystemExit + threadData.lastPage = page threadData.lastCode = code diff --git a/sqlmap.conf b/sqlmap.conf index 71a12017c..895b60115 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -101,8 +101,12 @@ authCred = # Syntax: key_file authFile = +# Abort on (problematic) HTTP error code (e.g. 401). +# Valid: string +abortCode = + # Ignore (problematic) HTTP error code (e.g. 401). -# Valid: integer +# Valid: string ignoreCode = # Ignore system default proxy settings.