mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Minor improvements
This commit is contained in:
parent
aa9ff9e8a6
commit
7e28c02948
|
@ -124,13 +124,14 @@ class ReqHandler(BaseHTTPRequestHandler):
|
||||||
self.url, self.params = path, params
|
self.url, self.params = path, params
|
||||||
|
|
||||||
if self.url == '/':
|
if self.url == '/':
|
||||||
if "id" not in params:
|
|
||||||
self.send_response(FOUND)
|
|
||||||
self.send_header("Connection", "close")
|
|
||||||
self.send_header("Location", "/?id=1")
|
|
||||||
self.end_headers()
|
|
||||||
else:
|
|
||||||
self.send_response(OK)
|
self.send_response(OK)
|
||||||
|
|
||||||
|
if "id" not in params:
|
||||||
|
self.send_header("Content-type", "text/html")
|
||||||
|
self.send_header("Connection", "close")
|
||||||
|
self.end_headers()
|
||||||
|
self.wfile.write(b"<html><p><h3>GET:</h3><a href='/?id=1'>link</a></p><hr><p><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></p></html>")
|
||||||
|
else:
|
||||||
self.send_header("Content-type", "text/html")
|
self.send_header("Content-type", "text/html")
|
||||||
self.send_header("Connection", "close")
|
self.send_header("Connection", "close")
|
||||||
|
|
||||||
|
|
|
@ -36,6 +36,7 @@ from lib.core.common import isListLike
|
||||||
from lib.core.common import parseTargetUrl
|
from lib.core.common import parseTargetUrl
|
||||||
from lib.core.common import popValue
|
from lib.core.common import popValue
|
||||||
from lib.core.common import pushValue
|
from lib.core.common import pushValue
|
||||||
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.common import removePostHintPrefix
|
from lib.core.common import removePostHintPrefix
|
||||||
|
@ -203,10 +204,11 @@ def _randomFillBlankFields(value):
|
||||||
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
|
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
|
||||||
item = match.group("result")
|
item = match.group("result")
|
||||||
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
|
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
|
||||||
|
newValue = randomStr() if not re.search(r"^id|id$", item, re.I) else randomInt()
|
||||||
if item[-1] == DEFAULT_GET_POST_DELIMITER:
|
if item[-1] == DEFAULT_GET_POST_DELIMITER:
|
||||||
retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER))
|
retVal = retVal.replace(item, "%s%s%s" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER))
|
||||||
else:
|
else:
|
||||||
retVal = retVal.replace(item, "%s%s" % (item, randomStr()))
|
retVal = retVal.replace(item, "%s%s" % (item, newValue))
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
|
@ -4909,7 +4909,7 @@ def prioritySortColumns(columns):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def _(column):
|
def _(column):
|
||||||
return column and "id" in column.lower()
|
return column and re.search(r"^id|id$", column, re.I) is not None
|
||||||
|
|
||||||
return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
|
return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.11.49"
|
VERSION = "1.3.11.50"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -64,6 +64,7 @@ def vulnTest():
|
||||||
|
|
||||||
TESTS = (
|
TESTS = (
|
||||||
("--flush-session", ("CloudFlare",)),
|
("--flush-session", ("CloudFlare",)),
|
||||||
|
("--flush-session --forms --crawl=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3")),
|
||||||
("--flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
|
("--flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
|
||||||
("--flush-session --data='<root><param name=\"id\" value=\"1*\"/></root>' --mobile --banner --smart", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
|
("--flush-session --data='<root><param name=\"id\" value=\"1*\"/></root>' --mobile --banner --smart", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
|
||||||
("--flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),
|
("--flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),
|
||||||
|
|
|
@ -136,6 +136,14 @@ def crawl(target):
|
||||||
threadData.shared.deeper = set()
|
threadData.shared.deeper = set()
|
||||||
threadData.shared.unprocessed = set([target])
|
threadData.shared.unprocessed = set([target])
|
||||||
|
|
||||||
|
_ = re.sub(r"(?<!/)/(?!/).*", "", target)
|
||||||
|
if _:
|
||||||
|
if target.strip('/') != _.strip('/'):
|
||||||
|
threadData.shared.unprocessed.add(_)
|
||||||
|
|
||||||
|
if re.search(r"\?.*\b\w+=", target):
|
||||||
|
threadData.shared.value.add(target)
|
||||||
|
|
||||||
if kb.checkSitemap is None:
|
if kb.checkSitemap is None:
|
||||||
message = "do you want to check for the existence of "
|
message = "do you want to check for the existence of "
|
||||||
message += "site's sitemap(.xml) [y/N] "
|
message += "site's sitemap(.xml) [y/N] "
|
||||||
|
|
Loading…
Reference in New Issue
Block a user