improvement for --forms with empty fields

lib/controller/controller.py

@@ -20,11 +20,13 @@ from lib.controller.checks import checkNullConnection
 from lib.controller.checks import heuristicCheckSqlInjection
 from lib.controller.checks import simpletonCheckSqlInjection
 from lib.core.agent import agent
+from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getUnicode
 from lib.core.common import intersect
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
+from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showHttpErrorCodes
 from lib.core.convert import urlencode
@@ -41,6 +43,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
+from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -218,8 +221,19 @@ def start():
 
                     if not test or test[0] in ("y", "Y"):
                         if conf.method == HTTPMETHOD.POST:
-                            message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "", " (Warning: blank fields detected)" if conf.data and '=&' in conf.data else "")
-                            conf.data = urldecode(readInput(message, default=conf.data))
+                            message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
+                            conf.data = readInput(message, default=conf.data)
+                            if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data):
+                                message = "do you want to fill blank fields with random values? [Y/n] "
+                                test = readInput(message, default="Y")
+                                if not test or test[0] in ("y", "Y"):
+                                    while extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data):
+                                        item = extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data)
+                                        if item[-1] == '&':
+                                            conf.data = conf.data.replace(item, "%s%s&" % (item[:-1], randomStr()))
+                                        else:
+                                            conf.data = conf.data.replace(item, "%s%s" % (item, randomStr()))
+                            conf.data = urldecode(conf.data)
 
                         elif conf.method == HTTPMETHOD.GET:
                             if conf.url.find("?") > -1:

lib/core/settings.py

@@ -219,6 +219,8 @@ ERROR_PARSING_REGEXES = (
 
 META_CHARSET_REGEX  = r'<meta http-equiv="?content-type"?[^>]+charset=(?P<result>[^">]+)'
 
+EMPTY_FORM_FIELDS_REGEX = r'(?P<result>[^=]+=(&|\Z))'
+
 # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
 COMMON_PASSWORD_SUFFIXES = ["1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18"]