From bf0e3c466273e931c4e0bd0cbc916647d8572182 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 28 Mar 2011 22:48:00 +0000
Subject: [PATCH] improvement for --forms with empty fields

---
 lib/controller/controller.py | 18 ++++++++++++++++--
 lib/core/settings.py | 2 ++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 952860f97..3c7810f79 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -20,11 +20,13 @@ from lib.controller.checks import checkNullConnection
 from lib.controller.checks import heuristicCheckSqlInjection
 from lib.controller.checks import simpletonCheckSqlInjection
 from lib.core.agent import agent
+from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getUnicode
 from lib.core.common import intersect
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
+from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showHttpErrorCodes
 from lib.core.convert import urlencode
@@ -41,6 +43,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
+from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -218,8 +221,19 @@ def start():
 if not test or test[0] in ("y", "Y"):
 if conf.method == HTTPMETHOD.POST:
- message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "", " (Warning: blank fields detected)" if conf.data and '=&' in conf.data else "")
- conf.data = urldecode(readInput(message, default=conf.data))
+ message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
+ conf.data = readInput(message, default=conf.data)
+ if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data):
+ message = "do you want to fill blank fields with random values? [Y/n] "
+ test = readInput(message, default="Y")
+ if not test or test[0] in ("y", "Y"):
+ while extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data):
+ item = extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data)
+ if item[-1] == '&':
+ conf.data = conf.data.replace(item, "%s%s&" % (item[:-1], randomStr()))
+ else:
+ conf.data = conf.data.replace(item, "%s%s" % (item, randomStr()))
+ conf.data = urldecode(conf.data)
 elif conf.method == HTTPMETHOD.GET:
 if conf.url.find("?") > -1:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9c60adccc..e2f1aaf73 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -219,6 +219,8 @@ ERROR_PARSING_REGEXES = (
 META_CHARSET_REGEX = r']+charset=(?P[^">]+)'
+EMPTY_FORM_FIELDS_REGEX = r'(?P[^=]+=(&|\Z))'
+
 # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
 COMMON_PASSWORD_SUFFIXES = ["1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18"]
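Review bot: In the fill loop added under `if conf.method == HTTPMETHOD.POST`, `conf.data.replace(item, ...)` rewrites every occurrence of `item`, and `item` is wider than the empty field itself because the `[^=]+` class in EMPTY_FORM_FIELDS_REGEX (settings.py hunk; the named group appears garbled in this rendering) also admits `&`, so for a body like `a=1&b=&` the match is `1&b=&` and two identical empty fields end up with the same random value. Narrowing the class to `[^=&]+` and bounding the substitution, `conf.data = conf.data.replace(item, "%s%s&" % (item[:-1], randomStr()), 1)` (likewise in the `\Z` branch), limits each iteration to a single field. The regex is also evaluated twice per iteration (the `while` guard plus the `item =` line); a `while True:` loop that breaks when `extractRegexResult` returns nothing would run it once. I cannot tell from the hunk whether `extractRegexResult` tolerates `conf.data` being None when `readInput` returns no input; the replaced code only passed that value to `urldecode`. `start()` begins and ends outside the hunk.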