mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
adding switch --eval
This commit is contained in:
parent
0ce885e6e6
commit
65b2b0ad87
|
@ -3136,3 +3136,10 @@ def getHostHeader(url):
|
|||
retVal = retVal.split(':')[0]
|
||||
|
||||
return retVal
|
||||
|
||||
def executeCode(code, variables=None):
|
||||
try:
|
||||
exec(code, variables)
|
||||
except Exception, ex:
|
||||
errMsg = "an error occured while evaluating provided code ('%s'). " % ex
|
||||
raise sqlmapGenericException, errMsg
|
||||
|
|
|
@ -1402,7 +1402,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.dynamicMarkings = []
|
||||
kb.dynamicParameters = False
|
||||
kb.endDetection = False
|
||||
kb.httpErrorCodes = {}
|
||||
kb.explicitSettings = set()
|
||||
kb.errorIsNone = True
|
||||
kb.forcedDbms = None
|
||||
|
@ -1411,6 +1410,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.heuristicTest = None
|
||||
kb.hintValue = None
|
||||
kb.htmlFp = []
|
||||
kb.httpErrorCodes = {}
|
||||
kb.inferenceMode = False
|
||||
kb.ignoreTimeout = False
|
||||
kb.injection = InjectionDict()
|
||||
kb.injections = []
|
||||
|
|
|
@ -44,7 +44,8 @@ optDict = {
|
|||
"retries": "integer",
|
||||
"scope": "string",
|
||||
"safUrl": "string",
|
||||
"saFreq": "integer"
|
||||
"saFreq": "integer",
|
||||
"evalCode": "string"
|
||||
},
|
||||
|
||||
"Optimization": {
|
||||
|
|
|
@ -140,6 +140,9 @@ def cmdLineParser():
|
|||
request.add_option("--safe-freq", dest="saFreq", type="int",
|
||||
help="Test requests between two visits to a given safe url")
|
||||
|
||||
request.add_option("--eval", dest="evalCode",
|
||||
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
|
||||
|
||||
# Optimization options
|
||||
optimization = OptionGroup(parser, "Optimization", "These "
|
||||
"options can be used to optimize the "
|
||||
|
|
|
@ -22,6 +22,7 @@ from lib.core.common import average
|
|||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import clearConsoleLine
|
||||
from lib.core.common import cpuThrottle
|
||||
from lib.core.common import executeCode
|
||||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import getCurrentThreadData
|
||||
from lib.core.common import getFilteredPageContent
|
||||
|
@ -603,6 +604,31 @@ class Connect:
|
|||
elif item == PLACE.COOKIE and cookie:
|
||||
cookie = _randomizeParameter(cookie, randomParameter)
|
||||
|
||||
if conf.evalCode:
|
||||
variables = {}
|
||||
originals = {}
|
||||
|
||||
if get:
|
||||
executeCode(get.replace("&", ";"), variables)
|
||||
if post:
|
||||
executeCode(post.replace("&", ";"), variables)
|
||||
|
||||
originals.update(variables)
|
||||
executeCode(conf.evalCode, variables)
|
||||
|
||||
for name, value in variables.items():
|
||||
if name != "__builtins__" and originals.get(name, "") != value:
|
||||
if isinstance(value, (basestring, int)):
|
||||
value = unicode(value)
|
||||
if '%s=' % name in (get or ""):
|
||||
get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
|
||||
elif '%s=' % name in (post or ""):
|
||||
post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
|
||||
elif post:
|
||||
post += "&%s=%s" % (name, value)
|
||||
else:
|
||||
get += "&%s=%s" % (name, value)
|
||||
|
||||
get = urlencode(get, limit=True)
|
||||
if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
|
||||
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
|
||||
|
|
|
@ -63,7 +63,9 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
|
|||
|
||||
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression))
|
||||
|
||||
kb.inferenceMode = True
|
||||
count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
|
||||
kb.inferenceMode = False
|
||||
|
||||
if not kb.bruteMode:
|
||||
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
|
||||
|
|
|
@ -130,6 +130,10 @@ safUrl =
|
|||
# Default: 0
|
||||
saFreq = 0
|
||||
|
||||
# Evaluate provided Python code before the request
|
||||
# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
|
||||
evalCode =
|
||||
|
||||
|
||||
# These options can be used to optimize the performance of sqlmap.
|
||||
[Optimization]
|
||||
|
|
Loading…
Reference in New Issue
Block a user