From b3f4c6d0fc5ef5e258557d716338025b2a5845bc Mon Sep 17 00:00:00 2001
From: tree-chtsec <68040445+tree-chtsec@users.noreply.github.com>
Date: Thu, 13 Aug 2020 22:18:31 +0800
Subject: [PATCH] Make asterisk work with --csrf-token option (#4305)
---
 lib/core/target.py | 2 +-
 lib/request/connect.py | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/core/target.py b/lib/core/target.py
index 02d0eac54..6470be1c3 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -400,7 +400,7 @@ def _setRequestParams():
 raise SqlmapGenericException(errMsg)
 if conf.csrfToken:
- if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}), conf.paramDict.get(PLACE.COOKIE, {}))) and not re.search(r"\b%s\b" % conf.csrfToken, conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}):
+ if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}), conf.paramDict.get(PLACE.COOKIE, {}))) and not re.search(r"\b%s\b" % conf.csrfToken, conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}) and not all(re.search(conf.csrfToken, _, re.I) for _ in conf.paramDict.get(PLACE.URI, {}).values()):
 errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken._original
 errMsg += "found in provided GET, POST, Cookie or header values"
 raise SqlmapGenericException(errMsg)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index d61cab0bf..df0b7f6c9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
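Review bot: In the lib/core/target.py hunk, the added clause `not all(... for _ in conf.paramDict.get(PLACE.URI, {}).values())` is False whenever there are no URI parameters, because `all()` over an empty iterable returns True. Since every clause is joined with `and`, the "anti-CSRF token parameter ... not found" error can then never be raised for a run without a URI injection point, even when the token name is missing from GET, POST, Cookie and the headers. Using `not any(re.search(conf.csrfToken, _, re.I) for _ in conf.paramDict.get(PLACE.URI, {}).values())` keeps the check alive in the empty case and still accepts a token found in a URI value. The message should also name the new place, e.g. `errMsg += "found in provided GET, POST, Cookie, URI or header values"`. _setRequestParams starts and continues outside the hunk.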
@@ -1125,11 +1125,13 @@ class Connect(object):
 if token:
 token.value = token.value.strip("'\"")
- for candidate in (PLACE.GET, PLACE.POST):
+ for candidate in (PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST, PLACE.URI):
 if candidate in conf.parameters:
- if candidate == PLACE.GET and get:
+ if candidate == PLACE.URI and uri:
+ uri = _adjustParameter(uri, token.name, token.value)
+ elif candidate == PLACE.GET and get:
 get = _adjustParameter(get, token.name, token.value)
- elif candidate == PLACE.POST and post:
+ elif candidate in [PLACE.POST, PLACE.CUSTOM_POST] and post:
 post = _adjustParameter(post, token.name, token.value)
 for i in xrange(len(conf.httpHeaders)):
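Review bot: The membership test `candidate in [PLACE.POST, PLACE.CUSTOM_POST]` in the lib/request/connect.py hunk builds a list on each iteration while the loop header just above uses a tuple; `elif candidate in (PLACE.POST, PLACE.CUSTOM_POST) and post:` would match it. The new branches would also benefit from a short comment such as `# CUSTOM_POST shares the 'post' body; URI injection points are rewritten in 'uri'`, since nothing in the hunk says why two places update one variable. When both PLACE.POST and PLACE.CUSTOM_POST are present in conf.parameters, `post` goes through `_adjustParameter` twice, which is harmless only if that helper is idempotent. The helper, and the `uri`, `get` and `post` variables, are defined outside the hunk, so that should be confirmed there.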