sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.

Browse Source
This commit is contained in:
Bernardo Damele 2010-06-29 21:07:23 +00:00
parent ea45d75f2d
commit 8576817a2b
5 changed files with 66 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -294,6 +294,9 @@ Jason Swan <jasoneswan@gmail.com>
for reporting a bug when enumerating columns on Microsoft SQL Server
for suggesting a couple of improvements
Chilik Tamir <phenoman@gmail.com>
for providing a patch for initial support SOAP requests
Alessandro Tanasi <alessandro@tanasi.it>
for extensively beta-testing sqlmap
for suggesting many features and reporting some bugs

31
lib/core/agent.py
View File

@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re
from xml.etree import ElementTree as ET
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.convert import urlencode
@ -33,7 +35,6 @@ from lib.core.data import queries
from lib.core.data import temp
from lib.core.exception import sqlmapNoneDataException
class Agent:
"""
This class defines the SQL agent methods.
@ -82,16 +83,36 @@ class Agent:
paramString = conf.parameters[kb.injPlace]
paramDict = conf.paramDict[kb.injPlace]
value = paramDict[kb.injParameter]
retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
"%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
root = ET.XML(paramString)
iterator = root.getiterator(kb.injParameter)
for child in iterator:
child.text = "%s%s" % (negValue, value + falseValue + newValue)
retValue = ET.tostring(root)
else:
retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
"%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
# Before identifing the injectable parameter
elif parameter == "User-Agent":
retValue = value.replace(value, newValue)
else:
paramString = conf.parameters[place]
retValue = paramString.replace("%s=%s" % (parameter, value),
"%s=%s" % (parameter, newValue))
if "POSTxml" in conf.paramDict and place == "POST":
root = ET.XML(paramString)
iterator = root.getiterator(parameter)
for child in iterator:
child.text = newValue
retValue = ET.tostring(root)
else:
retValue = paramString.replace("%s=%s" % (parameter, value),
"%s=%s" % (parameter, newValue))
return retValue

40
lib/core/common.py
View File

@ -44,6 +44,7 @@ from subprocess import PIPE
from subprocess import Popen as execute
from tempfile import NamedTemporaryFile
from tempfile import mkstemp
from xml.etree import ElementTree as ET
from xml.sax import parse
from extra.cloak.cloak import decloak
@ -96,25 +97,36 @@ def paramToDict(place, parameters=None):
if conf.parameters.has_key(place) and not parameters:
parameters = conf.parameters[place]
parameters = parameters.replace(", ", ",")
if place is not "POSTxml":
parameters = parameters.replace(", ", ",")
if place == "Cookie":
splitParams = parameters.split(";")
if place == "Cookie":
splitParams = parameters.split(";")
else:
splitParams = parameters.split("&")
for element in splitParams:
elem = element.split("=")
if len(elem) == 2:
parameter = elem[0].replace(" ", "")
condition = not conf.testParameter
condition |= parameter in conf.testParameter
if condition:
testableParameters[parameter] = elem[1]
else:
splitParams = parameters.split("&")
root = ET.XML(parameters)
iterator = root.getiterator()
for element in splitParams:
elem = element.split("=")
if len(elem) == 2:
parameter = elem[0].replace(" ", "")
condition = not conf.testParameter
condition |= parameter in conf.testParameter
for child in iterator:
parameter = child.tag
condition = not conf.testParameter
condition |= parameter.split("}")[1] in conf.testParameter
if condition:
value = elem[1]
testableParameters[parameter] = value
testableParameters[parameter] = child.text
if conf.testParameter and not testableParameters:
paramStr = ", ".join(test for test in conf.testParameter)

4
lib/core/convert.py
View File

@ -86,7 +86,7 @@ def urldecode(string):
return result
def urlencode(string, safe=":/?%&=", convall=False):
if conf.direct:
if conf.direct or "POSTxml" in conf.paramDict:
return string
result = None
@ -95,7 +95,7 @@ def urlencode(string, safe=":/?%&=", convall=False):
return result
if convall:
result = urllib.quote(utf8encode(string)) #Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
result = urllib.quote(utf8encode(string)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
else:
result = urllib.quote(utf8encode(string), safe)

10
lib/core/target.py
View File

@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import codecs
import os
import re
import time
from lib.core.common import dataToSessionFile
@ -66,8 +67,15 @@ def __setRequestParams():
raise sqlmapSyntaxException, errMsg
if conf.data:
conf.data = conf.data.replace("\n", " ")
conf.parameters["POST"] = conf.data
__paramDict = paramToDict("POST", conf.data)
# Check if POST data is in xml syntax
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
conf.paramDict["POSTxml"] = True
__paramDict = paramToDict("POSTxml", conf.data)
else:
__paramDict = paramToDict("POST", conf.data)
if __paramDict:
conf.paramDict["POST"] = __paramDict