update

2025-02-03 05:04:11 +03:00 · 2010-10-10 19:50:10 +00:00 · 2010-10-10 19:50:10 +00:00 · 7a5bb2b0d6
commit 7a5bb2b0d6
parent 8fcad29bbf
2 changed files with 19 additions and 6 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -43,7 +43,7 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
-from lib.core.target import __setPageForms
+from lib.core.target import __findPageForms
 from lib.utils.parenthesis import checkForParenthesis

 def __selectInjection(injData):
@ -107,7 +107,7 @@ def start():

    if conf.url:
        if conf.forms:
-            __setPageForms()
+            __findPageForms()
        else:
            kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))

--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -136,7 +136,9 @@ def __setRequestParams():
        errMsg += "within the GET, POST and Cookie parameters"
        raise sqlmapGenericException, errMsg

-def __setPageForms():
+def __findPageForms():
+    infoMsg = "searching for forms"
+    logger.info(infoMsg)
    response, _ = Request.queryPage(response=True)
    forms = ParseResponse(response, backwards_compat=False)
    count = 1
@ -145,10 +147,21 @@ def __setPageForms():
        url = request.get_full_url()
        method = request.get_method()
        data = request.get_data() if request.has_data() else None
-        message = "Form #%d (%s) [default: '%s'] " % (count, form.name, data)
-        test = readInput(message, default=data)
+        message = "(#%d) Do you want to test form '%s' (%s, %s%s) [Y/n] " % (count, form.name, method, url, ", %s" % repr(data) if data else "")
+        test = readInput(message, default="Y")
+        if not test or test[0] in ("y", "Y"):
+            if method == "POST":
+                message = " Edit POST data [default: %s]: " % (data if data else "")
+                test = readInput(message, default=data)
+            elif method == "GET":
+                if url.find("?") > -1:
+                    firstPart = url[:url.find("?")]
+                    secondPart = url[url.find("?")+1:]
+                    message = " Edit GET data [default: %s]: " % secondPart
+                    test = readInput(message, default=secondPart)
+                    url = "%s?%s" % (firstPart, test)
+            kb.targetUrls.add((url, method, data, conf.cookie))
        count +=1
-        kb.targetUrls.add((url, method, data, conf.cookie))

 def __setOutputResume():
    """