From aebae6e27b926e322c96de973bf3cf46a1ddf2a0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 30 Mar 2017 10:16:35 +0200
Subject: [PATCH] Added (heuristic) support for #1679
---
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 25 +++++++++++++++++--------
 txt/checksum.md5 | 4 ++--
 3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e27f4304a..84e884de4 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (...)
-VERSION = "1.1.3.14"
+VERSION = "1.1.3.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index c56d368c0..f7afb4b6e 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1045,20 +1045,29 @@ class Connect(object):
 found = False
 value = getUnicode(value)
 
-regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
-if kb.postHint and re.search(regex, (post or "")):
-    found = True
-    post = re.sub(regex, "\g<1>\g<2>%s" % value, post)
+if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
+    if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
+        if re.search(r"<%s\b" % re.escape(name), post):
+            found = True
+            post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(%s\g<3>" % value, post)
+        elif re.search(r"\b%s>" % re.escape(name), post):
+            found = True
+            post = re.sub(r"(?s)(\b%s>)(.*?)()" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
+
+regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
+if not found and re.search(regex, (post or "")):
+    found = True
+    post = re.sub(regex, "\g<1>\g<2>%s" % value, post)
 
 regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
+if not found and re.search(regex, (post or "")):
+    found = True
+    post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
+
 if re.search(regex, (get or "")):
     found = True
     get = re.sub(regex, "\g<1>%s\g<3>" % value, get)
 
-if re.search(regex, (post or "")):
-    found = True
-    post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
-
 if re.search(regex, (query or "")):
     found = True
     uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value, uri)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 1251591c0..2a08847a3 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
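Review bot: In the new XML/SOAP branch, `found = True` is set from the cheap `re.search(r"<%s\b" ...)` pre-check rather than from the outcome of the `re.sub` on the following line, whose `(?s)(<...>)(.*?)(...)` pattern additionally needs a matching closing part; a self-closing `<name/>` element or a tag that never closes therefore leaves `post` unchanged while `found` is reported, and the `if not found` fallbacks added further down are skipped (the same applies to the `elif` branch). Deriving the flag from the substitution count fixes both spots, e.g. `post, count = re.subn(<xml-pattern>, "\g<1>%s\g<3>" % value, post)` followed by `found = count > 0`. Every new `re.sub` also interpolates `value` into the replacement template, so a value containing a backslash (a literal `\1`, or a trailing `\`) is read as a group reference or raises `re.error`; a callable replacement such as `lambda m: m.group(1) + value + m.group(3)` avoids the template entirely. The two XML/SOAP `re.sub` lines look truncated in the rendered text (the closing-tag group is missing), so their exact patterns could not be checked here. The enclosing method of `Connect` starts before and continues after the hunk.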
@@ -45,7 +45,7 @@ a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
 d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
-c33fe4941f9d344d9100104b0a0e4abb lib/core/settings.py
+3d8c01162174b351f890ceb122fd9052 lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
 afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py
@@ -67,7 +67,7 @@ a0444cc351cd6d29015ad16d9eb46ff4 lib/parse/sitemap.py
 403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
 0035612a620934d7ebe6d18426cfb065 lib/request/basic.py
 ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
-a4e3e939d059bb604309f5089c78c1dc lib/request/connect.py
+46fe0392776e18fcc37bf08d2c3ce5e3 lib/request/connect.py
 fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
 cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
 5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py