adding switch --eval

2024-11-22 09:36:35 +03:00 · 2011-11-21 16:41:02 +00:00 · 2011-11-21 16:41:02 +00:00 · 65b2b0ad87
commit 65b2b0ad87
parent 0ce885e6e6
7 changed files with 47 additions and 3 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -3135,4 +3135,11 @@ def getHostHeader(url):
    if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])):
        retVal = retVal.split(':')[0]

-    return retVal
+    return retVal
+
+def executeCode(code, variables=None):
+    try:
+        exec(code, variables)
+    except Exception, ex:
+        errMsg = "an error occured while evaluating provided code ('%s'). " % ex
+        raise sqlmapGenericException, errMsg
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1402,7 +1402,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.dynamicMarkings = []
    kb.dynamicParameters = False
    kb.endDetection = False
-    kb.httpErrorCodes = {}
    kb.explicitSettings = set()
    kb.errorIsNone = True
    kb.forcedDbms = None
@ -1411,6 +1410,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.heuristicTest = None
    kb.hintValue = None
    kb.htmlFp = []
+    kb.httpErrorCodes = {}
+    kb.inferenceMode = False
    kb.ignoreTimeout = False
    kb.injection = InjectionDict()
    kb.injections = []
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -44,7 +44,8 @@ optDict = {
                               "retries":           "integer",
                               "scope":             "string",
                               "safUrl":            "string",
-                               "saFreq":            "integer"
+                               "saFreq":            "integer",
+                               "evalCode":          "string"
                             },

            "Optimization":  {
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -140,6 +140,9 @@ def cmdLineParser():
        request.add_option("--safe-freq", dest="saFreq", type="int",
                           help="Test requests between two visits to a given safe url")

+        request.add_option("--eval", dest="evalCode",
+                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+
        # Optimization options
        optimization = OptionGroup(parser, "Optimization", "These "
                               "options can be used to optimize the "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -22,6 +22,7 @@ from lib.core.common import average
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
 from lib.core.common import cpuThrottle
+from lib.core.common import executeCode
 from lib.core.common import extractRegexResult
 from lib.core.common import getCurrentThreadData
 from lib.core.common import getFilteredPageContent
@ -603,6 +604,31 @@ class Connect:
                        elif item == PLACE.COOKIE and cookie:
                            cookie = _randomizeParameter(cookie, randomParameter)

+        if conf.evalCode:
+            variables = {}
+            originals = {}
+
+            if get:
+                executeCode(get.replace("&", ";"), variables)
+            if post:
+                executeCode(post.replace("&", ";"), variables)
+
+            originals.update(variables)
+            executeCode(conf.evalCode, variables)
+
+            for name, value in variables.items():
+                if name != "__builtins__" and originals.get(name, "") != value:
+                    if isinstance(value, (basestring, int)):
+                        value = unicode(value)
+                        if '%s=' % name in (get or ""):
+                            get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+                        elif '%s=' % name in (post or ""):
+                            post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+                        elif post:
+                            post += "&%s=%s" % (name, value)
+                        else:
+                            get += "&%s=%s" % (name, value)
+                
        get = urlencode(get, limit=True)
        if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
            post = getattr(post, UNENCODED_ORIGINAL_VALUE)
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -63,7 +63,9 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha

    dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression))

+    kb.inferenceMode = True
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
+    kb.inferenceMode = False

    if not kb.bruteMode:
        debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -130,6 +130,10 @@ safUrl =
 # Default: 0
 saFreq = 0

+# Evaluate provided Python code before the request
+# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+evalCode = 
+

 # These options can be used to optimize the performance of sqlmap.
 [Optimization]