diff --git a/lib/core/common.py b/lib/core/common.py index afa826484..32e07e0fd 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4475,7 +4475,7 @@ def pollProcess(process, suppress_errors=False): break -def parseRequestFile(reqFile): +def parseRequestFile(reqFile, checkParams=True): """ Parses WebScarab and Burp logs and adds results to the target URL list """ @@ -4624,7 +4624,7 @@ def parseRequestFile(reqFile): data = data.rstrip("\r\n") if data else data - if getPostReq and (params or cookie): + if getPostReq and (params or cookie or not checkParams): if not port and isinstance(scheme, basestring) and scheme.lower() == "https": port = "443" elif not scheme and port == "443": diff --git a/lib/core/option.py b/lib/core/option.py index 17dd6ab64..f9151e05c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -314,7 +314,7 @@ def _setRequestFromFile(): infoMsg = "parsing second-order HTTP request from '%s'" % conf.secondReq logger.info(infoMsg) - target = parseRequestFile(conf.secondReq).next() + target = parseRequestFile(conf.secondReq, False).next() kb.secondReq = target def _setCrawler(): @@ -2224,6 +2224,10 @@ def _basicOptionValidation(): errMsg = "switch '--eta' is incompatible with option '-v'" raise SqlmapSyntaxException(errMsg) + if conf.secondUrl and conf.secondReq: + errMsg = "option '--second-url' is incompatible with option '--second-req')" + raise SqlmapSyntaxException(errMsg) + if conf.direct and conf.url: errMsg = "option '-d' is incompatible with option '-u' ('--url')" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index dfc4e9b4e..35c0b73c5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.26" +VERSION = "1.2.6.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index afad8a4f3..d6e992f8e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -eb9e08ba86bfcf7d97454357d9838531 lib/core/common.py +fee729e63aab1519fe485af45f4fb1ea lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py -ee8a51cb09bbbe50984a4588a4f29043 lib/core/option.py +d2672b24ffa985523066613138fccbbd lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -12db3bd1245ed6e89910c61e736b1f6b lib/core/settings.py +e9356ecbc79a58112311c4626c0e1c2d lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py