sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-28 09:00:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

good state but not functional yet

Browse Source
This commit is contained in:
Marcel Gregoriadis 2018-12-07 03:23:41 +01:00
parent eff7abd080
commit a56a693a7f
1 changed files with 51 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
lib/request/connect.py
View File

@ -772,6 +772,11 @@ class Connect(object):
if not multipart: if not multipart:
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
if "Invalid csrf token." in page:
print "Invalid CSRF Token!"
else:
print "Valid CSRF Token!"
return page, responseHeaders, code return page, responseHeaders, code
@staticmethod @staticmethod
@ -971,39 +976,61 @@ class Connect(object):
return retVal return retVal
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
print 1
if "*" in conf.csrfToken: if "*" in conf.csrfToken:
conf.csrfTokenPattern = '' csrfTokenPattern = r""
strings = conf.csrfToken.split("*") strings = conf.csrfToken.split("*")
for index, string in enumerate(strings): for index, string in enumerate(strings):
conf.csrfTokenPattern += re.escape(string) csrfTokenPattern += re.escape(string)
if index < len(strings) - 1: if index < len(strings) - 1:
conf.csrfTokenPattern += ".*" csrfTokenPattern += ".*"
token = extractRegexResult( tmp = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % conf.csrfTokenPattern, page or "") r"(?i)<input[^>]+\bname=[\"']?(?P<result>%s)\b[^>]*\bvalue=[\"']?[^>'\"]*" % csrfTokenPattern,
conf.csrfToken = extractRegexResult( page or "")[:-2]
r"(?i)<input[^>]+\bname=[\"']?(?P<result>%s)\b[^>]*\bvalue=[\"']?[^>'\"]*" % conf.csrfTokenPattern, page or "")[:-2]
getParams = urlparse.parse_qs(conf.parameters[PLACE.GET]) if not tmp:
for key, value in getParams.items(): getParams = urlparse.parse_qs(conf.parameters[PLACE.GET])
if re.search(r"\b%s\b" % conf.csrfTokenPattern, key): for key, value in getParams.items():
getParams[conf.csrfToken] = getParams[key] if re.search(r"\b%s\b" % csrfTokenPattern, key):
del getParams[key] tmp = key
break
conf.parameters[PLACE.GET] = urllib.urlencode(getParams, doseq=True)
paramDict = paramToDict(PLACE.GET, conf.parameters[PLACE.GET]) if tmp: conf.csrfToken = tmp
if paramDict:
conf.paramDict[PLACE.GET] = paramDict
print "ok"
else:
token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "") token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "")
if not token:
if tmp:
getParams = dict(urlparse.parse_qsl(conf.parameters[PLACE.GET]))
for key, value in getParams.iteritems():
if re.search(r"\b%s\b" % csrfTokenPattern, key):
getParams[conf.csrfToken] = token
if key != conf.csrfToken:
del getParams[key]
break
conf.parameters[PLACE.GET] = urllib.urlencode(getParams)
for key, value in conf.paramDict[PLACE.GET].items():
if re.search(r"\b%s\b" % csrfTokenPattern, key):
conf.paramDict[PLACE.GET][conf.csrfToken] = token
if key != conf.csrfToken:
del conf.paramDict[PLACE.GET][key]
break
else:
token = extractRegexResult( token = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken),
conf.csrfTokenPattern, page or "") page or "")
#print "###########################"
#print "- Token: " + token
#print "- Token Name: " + conf.csrfToken
#print "- Parameters: " + conf.parameters[PLACE.GET]
#print "############################"
if not token: if not token:
token = extractRegexResult(r"(?i)<input[^>]+\bvalue=[\"']?(?P<result>[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "") token = extractRegexResult(r"(?i)<input[^>]+\bvalue=[\"']?(?P<result>[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "")
@ -1296,7 +1323,9 @@ class Connect(object):
if not pageLength: if not pageLength:
try: try:
get = conf.parameters
page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare) page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
print 2
except MemoryError: except MemoryError:
page, headers, code = None, None, None page, headers, code = None, None, None
warnMsg = "site returned insanely large response" warnMsg = "site returned insanely large response"