Miroslav Stampar 2010-10-10 19:50:10 +00:00
parent 8fcad29bbf
commit 7a5bb2b0d6
2 changed files with 19 additions and 6 deletions


@ -43,7 +43,7 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setInjection from lib.core.session import setInjection
from lib.core.target import initTargetEnv from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv from lib.core.target import setupTargetEnv
from lib.core.target import __setPageForms from lib.core.target import __findPageForms
from lib.utils.parenthesis import checkForParenthesis from lib.utils.parenthesis import checkForParenthesis
def __selectInjection(injData): def __selectInjection(injData):
@ -107,7 +107,7 @@ def start():
if conf.url: if conf.url:
if conf.forms: if conf.forms:
__setPageForms() __findPageForms()
else: else:
kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie )) kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))


@ -136,7 +136,9 @@ def __setRequestParams():
errMsg += "within the GET, POST and Cookie parameters" errMsg += "within the GET, POST and Cookie parameters"
raise sqlmapGenericException, errMsg raise sqlmapGenericException, errMsg
def __setPageForms(): def __findPageForms():
infoMsg = "searching for forms"
logger.info(infoMsg)
response, _ = Request.queryPage(response=True) response, _ = Request.queryPage(response=True)
forms = ParseResponse(response, backwards_compat=False) forms = ParseResponse(response, backwards_compat=False)
count = 1 count = 1
@ -145,10 +147,21 @@ def __setPageForms():
url = request.get_full_url() url = request.get_full_url()
method = request.get_method() method = request.get_method()
data = request.get_data() if request.has_data() else None data = request.get_data() if request.has_data() else None
message = "Form #%d (%s) [default: '%s'] " % (count, form.name, data) message = "(#%d) Do you want to test form '%s' (%s, %s%s) [Y/n] " % (count, form.name, method, url, ", %s" % repr(data) if data else "")
test = readInput(message, default=data) test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
if method == "POST":
message = " Edit POST data [default: %s]: " % (data if data else "")
test = readInput(message, default=data)
elif method == "GET":
if url.find("?") > -1:
firstPart = url[:url.find("?")]
secondPart = url[url.find("?")+1:]
message = " Edit GET data [default: %s]: " % secondPart
test = readInput(message, default=secondPart)
url = "%s?%s" % (firstPart, test)
kb.targetUrls.add((url, method, data, conf.cookie))
count +=1 count +=1
kb.targetUrls.add((url, method, data, conf.cookie))
def __setOutputResume(): def __setOutputResume():
""" """
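Review bot: The POST branch of `__findPageForms` reads the edited body into `test` but never copies it into `data`, so `kb.targetUrls.add((url, method, data, conf.cookie))` still receives the form's original body and the user's edit is silently dropped. Assigning the result directly, `data = readInput(message, default=data)`, would make the POST path behave like the GET path, which does fold `test` back into `url`. In the GET branch `url.find("?")` is evaluated three times; a single `firstPart, secondPart = url.split("?", 1)` under the same guard would read more clearly. Indentation is lost on this page, so the nesting described here is inferred from statement order, and the function itself begins in the previous hunk.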