mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 05:04:11 +03:00
Minor preparation for an Issue #48
This commit is contained in:
parent
3e9f1fe410
commit
b3552494c4
|
@ -460,7 +460,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Feed with the boundaries details only the first time a
|
||||
# test has been successful
|
||||
if injection.place is None or injection.parameter is None:
|
||||
if place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
|
||||
if place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
|
||||
injection.parameter = place
|
||||
else:
|
||||
injection.parameter = parameter
|
||||
|
|
|
@ -378,7 +378,7 @@ def start():
|
|||
for place in parameters:
|
||||
# Test User-Agent and Referer headers only if
|
||||
# --level >= 3
|
||||
skip = (place == PLACE.UA and conf.level < 3)
|
||||
skip = (place == PLACE.USER_AGENT and conf.level < 3)
|
||||
skip |= (place == PLACE.REFERER and conf.level < 3)
|
||||
|
||||
# Test Host header only if
|
||||
|
@ -388,11 +388,11 @@ def start():
|
|||
# Test Cookie header only if --level >= 2
|
||||
skip |= (place == PLACE.COOKIE and conf.level < 2)
|
||||
|
||||
skip |= (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
|
||||
skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
|
||||
skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))
|
||||
skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
|
||||
|
||||
skip &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
|
||||
skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
|
||||
skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
|
||||
skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ class Agent:
|
|||
retVal = ET.tostring(root)
|
||||
elif place in (PLACE.URI, PLACE.CUSTOM_POST):
|
||||
retVal = paramString.replace("%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
|
||||
elif place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
|
||||
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
|
||||
retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
|
||||
else:
|
||||
retVal = paramString.replace("%s=%s" % (parameter, origValue),
|
||||
|
|
|
@ -61,7 +61,7 @@ class PLACE:
|
|||
SOAP = "SOAP"
|
||||
URI = "URI"
|
||||
COOKIE = "Cookie"
|
||||
UA = "User-Agent"
|
||||
USER_AGENT = "User-Agent"
|
||||
REFERER = "Referer"
|
||||
HOST = "Host"
|
||||
CUSTOM_POST = "(custom) POST"
|
||||
|
|
|
@ -26,6 +26,7 @@ from lib.core.data import logger
|
|||
from lib.core.data import paths
|
||||
from lib.core.dump import dumper
|
||||
from lib.core.enums import HASHDB_KEYS
|
||||
from lib.core.enums import HTTPHEADER
|
||||
from lib.core.enums import HTTPMETHOD
|
||||
from lib.core.enums import PLACE
|
||||
from lib.core.exception import sqlmapFilePathException
|
||||
|
@ -158,16 +159,18 @@ def __setRequestParams():
|
|||
# Url encoding of the header values should be avoided
|
||||
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
|
||||
|
||||
if httpHeader == PLACE.UA:
|
||||
conf.parameters[PLACE.UA] = urldecode(headerValue)
|
||||
httpHeader = "-".join(_.capitalize() for _ in (httpHeader or "").split("-"))
|
||||
|
||||
if httpHeader == HTTPHEADER.USER_AGENT:
|
||||
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
|
||||
|
||||
if condition:
|
||||
conf.paramDict[PLACE.UA] = {PLACE.UA: headerValue}
|
||||
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
|
||||
testableParameters = True
|
||||
|
||||
elif httpHeader == PLACE.REFERER:
|
||||
elif httpHeader == HTTPHEADER.REFERER:
|
||||
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
|
||||
|
@ -176,7 +179,7 @@ def __setRequestParams():
|
|||
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
|
||||
testableParameters = True
|
||||
|
||||
elif httpHeader == PLACE.HOST:
|
||||
elif httpHeader == HTTPHEADER.HOST:
|
||||
conf.parameters[PLACE.HOST] = urldecode(headerValue)
|
||||
|
||||
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
|
||||
|
|
|
@ -595,8 +595,8 @@ class Connect:
|
|||
if PLACE.COOKIE in conf.parameters:
|
||||
cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
|
||||
|
||||
if PLACE.UA in conf.parameters:
|
||||
ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
|
||||
if PLACE.USER_AGENT in conf.parameters:
|
||||
ua = conf.parameters[PLACE.USER_AGENT] if place != PLACE.USER_AGENT or not value else value
|
||||
|
||||
if PLACE.REFERER in conf.parameters:
|
||||
referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value
|
||||
|
|
Loading…
Reference in New Issue
Block a user