mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Putting that ugly parameter xyz is not inside the Cookie into the debug messages
This commit is contained in:
parent
d42d28392a
commit
6c0054bc5f
|
@ -568,16 +568,16 @@ def paramToDict(place, parameters=None):
|
|||
parameter = conf.testParameter[0]
|
||||
|
||||
if not intersect(USER_AGENT_ALIASES + REFERER_ALIASES + HOST_ALIASES, parameter, True):
|
||||
warnMsg = "provided parameter '%s' " % paramStr
|
||||
warnMsg += "is not inside the %s" % place
|
||||
logger.warn(warnMsg)
|
||||
debugMsg = "provided parameter '%s' " % paramStr
|
||||
debugMsg += "is not inside the %s" % place
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif len(conf.testParameter) != len(testableParameters.keys()):
|
||||
for parameter in conf.testParameter:
|
||||
if parameter not in testableParameters:
|
||||
warnMsg = "provided parameter '%s' " % parameter
|
||||
warnMsg += "is not inside the %s" % place
|
||||
logger.warn(warnMsg)
|
||||
debugMsg = "provided parameter '%s' " % parameter
|
||||
debugMsg += "is not inside the %s" % place
|
||||
logger.debug(debugMsg)
|
||||
|
||||
if testableParameters:
|
||||
for parameter, value in testableParameters.items():
|
||||
|
|
|
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
import codecs
|
||||
import functools
|
||||
import os
|
||||
import re
|
||||
import tempfile
|
||||
|
@ -86,6 +87,19 @@ def _setRequestParams():
|
|||
if conf.data is not None:
|
||||
conf.method = HTTPMETHOD.POST
|
||||
|
||||
def process(match, repl):
|
||||
if conf.testParameter and match.group("name") not in conf.testParameter:
|
||||
retVal = match.group(0)
|
||||
else:
|
||||
retVal = repl
|
||||
while True:
|
||||
_ = re.search(r"\\g<([^>]+)>", retVal)
|
||||
if _:
|
||||
retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
|
||||
else:
|
||||
break
|
||||
return retVal
|
||||
|
||||
if re.search(JSON_RECOGNITION_REGEX, conf.data):
|
||||
message = "JSON like data found in POST data. "
|
||||
message += "Do you want to process it? [Y/n/q] "
|
||||
|
@ -94,8 +108,8 @@ def _setRequestParams():
|
|||
raise SqlmapUserQuitException
|
||||
elif test[0] not in ("n", "N"):
|
||||
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
|
||||
conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
|
||||
conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
|
||||
conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
|
||||
conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
|
||||
kb.postHint = POST_HINT.JSON
|
||||
|
||||
elif re.search(SOAP_RECOGNITION_REGEX, conf.data):
|
||||
|
@ -106,7 +120,7 @@ def _setRequestParams():
|
|||
raise SqlmapUserQuitException
|
||||
elif test[0] not in ("n", "N"):
|
||||
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
|
||||
conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
|
||||
conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
|
||||
kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
|
||||
|
||||
elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
|
||||
|
|
Loading…
Reference in New Issue
Block a user