mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Implements option --csrf-data (#5199)
This commit is contained in:
parent
d7ee423fc5
commit
aa9cc3987e
|
@ -2733,6 +2733,10 @@ def _basicOptionValidation():
|
|||
errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if conf.csrfData and not conf.csrfToken:
|
||||
errMsg = "option '--csrf-data' requires usage of option '--csrf-token'"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if conf.csrfToken and conf.threads > 1:
|
||||
errMsg = "option '--csrf-url' is incompatible with option '--threads'"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
|
|
@ -64,6 +64,7 @@ optDict = {
|
|||
"csrfToken": "string",
|
||||
"csrfUrl": "string",
|
||||
"csrfMethod": "string",
|
||||
"csrfData": "string",
|
||||
"csrfRetries": "integer",
|
||||
"forceSSL": "boolean",
|
||||
"chunked": "boolean",
|
||||
|
|
|
@ -20,7 +20,7 @@ from thirdparty import six
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.6.10.5"
|
||||
VERSION = "1.6.10.6"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
|
|||
request.add_argument("--csrf-method", dest="csrfMethod",
|
||||
help="HTTP method to use during anti-CSRF token page visit")
|
||||
|
||||
request.add_argument("--csrf-data", dest="csrfData",
|
||||
help="POST data to send during anti-CSRF token page visit")
|
||||
|
||||
request.add_argument("--csrf-retries", dest="csrfRetries", type=int,
|
||||
help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries)
|
||||
|
||||
|
|
|
@ -1186,7 +1186,7 @@ class Connect(object):
|
|||
warnMsg += ". sqlmap is going to retry the request"
|
||||
logger.warning(warnMsg)
|
||||
|
||||
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
|
||||
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
|
||||
page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
|
||||
|
||||
match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)
|
||||
|
|
|
@ -195,6 +195,9 @@ csrfUrl =
|
|||
# HTTP method to use during anti-CSRF token page visit.
|
||||
csrfMethod =
|
||||
|
||||
# POST data to send during anti-CSRF token page visit.
|
||||
csrfData =
|
||||
|
||||
# Retries for anti-CSRF token retrieval.
|
||||
csrfRetries =
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user