Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.

Bernardo Damele 2010-06-29 21:07:23 +00:00
parent ea45d75f2d
commit 8576817a2b
5 changed files with 66 additions and 22 deletions


@ -294,6 +294,9 @@ Jason Swan <jasoneswan@gmail.com>
for reporting a bug when enumerating columns on Microsoft SQL Server for reporting a bug when enumerating columns on Microsoft SQL Server
for suggesting a couple of improvements for suggesting a couple of improvements
Chilik Tamir <phenoman@gmail.com>
for providing a patch for initial support SOAP requests
Alessandro Tanasi <alessandro@tanasi.it> Alessandro Tanasi <alessandro@tanasi.it>
for extensively beta-testing sqlmap for extensively beta-testing sqlmap
for suggesting many features and reporting some bugs for suggesting many features and reporting some bugs


@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re import re
from xml.etree import ElementTree as ET
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.convert import urlencode from lib.core.convert import urlencode
@ -33,7 +35,6 @@ from lib.core.data import queries
from lib.core.data import temp from lib.core.data import temp
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapNoneDataException
class Agent: class Agent:
""" """
This class defines the SQL agent methods. This class defines the SQL agent methods.
@ -82,6 +83,16 @@ class Agent:
paramString = conf.parameters[kb.injPlace] paramString = conf.parameters[kb.injPlace]
paramDict = conf.paramDict[kb.injPlace] paramDict = conf.paramDict[kb.injPlace]
value = paramDict[kb.injParameter] value = paramDict[kb.injParameter]
if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
root = ET.XML(paramString)
iterator = root.getiterator(kb.injParameter)
for child in iterator:
child.text = "%s%s" % (negValue, value + falseValue + newValue)
retValue = ET.tostring(root)
else:
retValue = paramString.replace("%s=%s" % (kb.injParameter, value), retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
"%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue)) "%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
@ -90,6 +101,16 @@ class Agent:
retValue = value.replace(value, newValue) retValue = value.replace(value, newValue)
else: else:
paramString = conf.parameters[place] paramString = conf.parameters[place]
if "POSTxml" in conf.paramDict and place == "POST":
root = ET.XML(paramString)
iterator = root.getiterator(parameter)
for child in iterator:
child.text = newValue
retValue = ET.tostring(root)
else:
retValue = paramString.replace("%s=%s" % (parameter, value), retValue = paramString.replace("%s=%s" % (parameter, value),
"%s=%s" % (parameter, newValue)) "%s=%s" % (parameter, newValue))
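Review bot: Both new XML branches round-trip the POST body through `ET.XML(paramString)` and `ET.tostring(root)` on every call, so the body that is sent is no longer the one the user supplied: ElementTree drops the XML declaration and rewrites namespace prefixes, which a strict SOAP endpoint may reject. In the first branch `value` is read from `paramDict[kb.injParameter]`, which the parsing change elsewhere in this commit fills from `child.text`; for an element with no text that is `None`, and `value + falseValue + newValue` would then raise a TypeError, so a guard such as `value = value or ""` before the concatenation looks necessary. The loops also rewrite every element that shares the tag, not just one, which deserves a comment such as `# every element with this tag is rewritten`. The enclosing method starts and ends outside these hunks.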


@ -44,6 +44,7 @@ from subprocess import PIPE
from subprocess import Popen as execute from subprocess import Popen as execute
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
from tempfile import mkstemp from tempfile import mkstemp
from xml.etree import ElementTree as ET
from xml.sax import parse from xml.sax import parse
from extra.cloak.cloak import decloak from extra.cloak.cloak import decloak
@ -96,6 +97,7 @@ def paramToDict(place, parameters=None):
if conf.parameters.has_key(place) and not parameters: if conf.parameters.has_key(place) and not parameters:
parameters = conf.parameters[place] parameters = conf.parameters[place]
if place is not "POSTxml":
parameters = parameters.replace(", ", ",") parameters = parameters.replace(", ", ",")
if place == "Cookie": if place == "Cookie":
@ -113,8 +115,18 @@ def paramToDict(place, parameters=None):
condition |= parameter in conf.testParameter condition |= parameter in conf.testParameter
if condition: if condition:
value = elem[1] testableParameters[parameter] = elem[1]
testableParameters[parameter] = value else:
root = ET.XML(parameters)
iterator = root.getiterator()
for child in iterator:
parameter = child.tag
condition = not conf.testParameter
condition |= parameter.split("}")[1] in conf.testParameter
if condition:
testableParameters[parameter] = child.text
if conf.testParameter and not testableParameters: if conf.testParameter and not testableParameters:
paramStr = ", ".join(test for test in conf.testParameter) paramStr = ", ".join(test for test in conf.testParameter)
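Review bot: `parameter.split("}")[1]` assumes every tag is namespace-qualified; for an element without a namespace the tag contains no `}` and the index raises IndexError, so `parameter.split("}")[-1]` is the safer form. The added guard `if place is not "POSTxml":` compares identity rather than equality and only works while both strings happen to be interned; it should read `if place != "POSTxml":`. `ET.XML(parameters)` is also called with no handling of a parse error, so malformed data ends in a traceback instead of a regular error message. paramToDict begins and continues outside these hunks.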


@ -86,7 +86,7 @@ def urldecode(string):
return result return result
def urlencode(string, safe=":/?%&=", convall=False): def urlencode(string, safe=":/?%&=", convall=False):
if conf.direct: if conf.direct or "POSTxml" in conf.paramDict:
return string return string
result = None result = None
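Review bot: The new condition `"POSTxml" in conf.paramDict` switches URL-encoding off for every caller of urlencode, not only for the XML body, so GET, Cookie and other values are also returned unencoded once the POST data has been detected as XML. The function receives no information about which place it is encoding for, so the skip would be better decided by the caller that builds the POST body or by an explicit argument. At minimum a comment such as `# XML bodies are sent verbatim, never URL-encoded` should state why the early return exists. The rest of urlencode lies outside the hunk.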


@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import codecs import codecs
import os import os
import re
import time import time
from lib.core.common import dataToSessionFile from lib.core.common import dataToSessionFile
@ -66,7 +67,14 @@ def __setRequestParams():
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.data: if conf.data:
conf.data = conf.data.replace("\n", " ")
conf.parameters["POST"] = conf.data conf.parameters["POST"] = conf.data
# Check if POST data is in xml syntax
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
conf.paramDict["POSTxml"] = True
__paramDict = paramToDict("POSTxml", conf.data)
else:
__paramDict = paramToDict("POST", conf.data) __paramDict = paramToDict("POST", conf.data)
if __paramDict: if __paramDict:
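Review bot: The detection call `re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data)` runs after newlines have already been replaced by spaces, so `[\n]*` can never match anything, and a body that began with a newline now begins with a space and is not recognised as XML. A raw string with a whitespace prefix, `re.match(r"\s*<(\?xml |soap:|ns).*>", conf.data)`, removes both the dead character class and the unescaped backslashes. The `conf.data.replace("\n", " ")` line also applies to non-XML bodies and so alters form data that legitimately contains newlines; it may belong inside the XML branch. `conf.paramDict["POSTxml"] = True` stores a boolean in a dictionary whose other entries appear to be parameter dictionaries, so any code that iterates its values should be checked.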