Implements option --csrf-data (#5199)

This commit is contained in:
Miroslav Stampar 2022-10-17 11:52:22 +02:00
parent d7ee423fc5
commit aa9cc3987e
6 changed files with 13 additions and 2 deletions

View File

@ -2733,6 +2733,10 @@ def _basicOptionValidation():
errMsg = "option '--csrf-method' requires usage of option '--csrf-token'" errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
if conf.csrfData and not conf.csrfToken:
errMsg = "option '--csrf-data' requires usage of option '--csrf-token'"
raise SqlmapSyntaxException(errMsg)
if conf.csrfToken and conf.threads > 1: if conf.csrfToken and conf.threads > 1:
errMsg = "option '--csrf-url' is incompatible with option '--threads'" errMsg = "option '--csrf-url' is incompatible with option '--threads'"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)

View File

@ -64,6 +64,7 @@ optDict = {
"csrfToken": "string", "csrfToken": "string",
"csrfUrl": "string", "csrfUrl": "string",
"csrfMethod": "string", "csrfMethod": "string",
"csrfData": "string",
"csrfRetries": "integer", "csrfRetries": "integer",
"forceSSL": "boolean", "forceSSL": "boolean",
"chunked": "boolean", "chunked": "boolean",

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.6.10.5" VERSION = "1.6.10.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
request.add_argument("--csrf-method", dest="csrfMethod", request.add_argument("--csrf-method", dest="csrfMethod",
help="HTTP method to use during anti-CSRF token page visit") help="HTTP method to use during anti-CSRF token page visit")
request.add_argument("--csrf-data", dest="csrfData",
help="POST data to send during anti-CSRF token page visit")
request.add_argument("--csrf-retries", dest="csrfRetries", type=int, request.add_argument("--csrf-retries", dest="csrfRetries", type=int,
help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries) help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries)

View File

@ -1186,7 +1186,7 @@ class Connect(object):
warnMsg += ". sqlmap is going to retry the request" warnMsg += ". sqlmap is going to retry the request"
logger.warning(warnMsg) logger.warning(warnMsg)
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...') page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I) match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)

View File

@ -195,6 +195,9 @@ csrfUrl =
# HTTP method to use during anti-CSRF token page visit. # HTTP method to use during anti-CSRF token page visit.
csrfMethod = csrfMethod =
# POST data to send during anti-CSRF token page visit.
csrfData =
# Retries for anti-CSRF token retrieval. # Retries for anti-CSRF token retrieval.
csrfRetries = csrfRetries =