Implements option --csrf-data (#5199)

2025-10-31 07:57:47 +03:00 · 2022-10-17 11:52:22 +02:00 · 2022-10-17 11:52:22 +02:00 · aa9cc3987e
commit aa9cc3987e
parent d7ee423fc5
6 changed files with 13 additions and 2 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -2733,6 +2733,10 @@ def _basicOptionValidation():
        errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
        raise SqlmapSyntaxException(errMsg)

+    if conf.csrfData and not conf.csrfToken:
+        errMsg = "option '--csrf-data' requires usage of option '--csrf-token'"
+        raise SqlmapSyntaxException(errMsg)
+
    if conf.csrfToken and conf.threads > 1:
        errMsg = "option '--csrf-url' is incompatible with option '--threads'"
        raise SqlmapSyntaxException(errMsg)
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -64,6 +64,7 @@ optDict = {
        "csrfToken": "string",
        "csrfUrl": "string",
        "csrfMethod": "string",
+        "csrfData": "string",
        "csrfRetries": "integer",
        "forceSSL": "boolean",
        "chunked": "boolean",
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.6.10.5"
+VERSION = "1.6.10.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
        request.add_argument("--csrf-method", dest="csrfMethod",
            help="HTTP method to use during anti-CSRF token page visit")

+        request.add_argument("--csrf-data", dest="csrfData",
+            help="POST data to send during anti-CSRF token page visit")
+
        request.add_argument("--csrf-retries", dest="csrfRetries", type=int,
            help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries)

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -1186,7 +1186,7 @@ class Connect(object):
                    warnMsg += ". sqlmap is going to retry the request"
                    logger.warning(warnMsg)

-                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
                page = urldecode(page)  # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')

                match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -195,6 +195,9 @@ csrfUrl =
 # HTTP method to use during anti-CSRF token page visit.
 csrfMethod =

+# POST data to send during anti-CSRF token page visit.
+csrfData =
+
 # Retries for anti-CSRF token retrieval.
 csrfRetries =