From c8a4e6378fde1105a6cc06ec29c2d80cde9571c3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 3 Oct 2019 15:09:59 +0200
Subject: [PATCH] Minor improvement for --forms
---
 lib/controller/controller.py | 4 +-
 lib/core/common.py | 107 +++++++++++++++++++----------------
 lib/core/settings.py | 2 +-
 3 files changed, 61 insertions(+), 52 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 9bd97ad16..263c28276 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -374,7 +374,7 @@ def start():
 message += "\nCookie: %s" % conf.cookie
 if conf.data is not None:
- message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
+ message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data or "") if re.search(r"\A\s*[<{]", conf.data or "") is None else conf.data)
 if conf.forms and conf.method:
 if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
@@ -389,7 +389,7 @@ def start():
 break
 else:
 if conf.method != HTTPMETHOD.GET:
- message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
+ message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data or "") if re.search(r"\A\s*[<{]", conf.data or "None") is None else conf.data, " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
 conf.data = readInput(message, default=conf.data)
 conf.data = _randomFillBlankFields(conf.data)
 conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
diff --git a/lib/core/common.py b/lib/core/common.py
index a835d20b3..45cdfea5f 100644
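Review bot: The `re.search(r"\A\s*[<{]", ...)` test on the added line only recognises bodies that start with `<` or `{`, so a JSON array body (`[...]`) or any other non-form payload is still pushed through `urlencode()` for display, and the identical literal regex is repeated in the next hunk. I would hoist the heuristic into one named module-level pattern (for example `RAW_DATA_REGEX = r"\A\s*[<{\[]"`, if array bodies are meant to be shown verbatim too) and reference it in both prompts so the two copies cannot drift apart. The effect is limited to the prompt text here, since `conf.data` itself is not rewritten on this line. `start()` begins and ends outside this hunk.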
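Review bot: On the added line the default shown in the "Edit %s data" prompt changes when `conf.data` is empty or `None`: the removed expression printed `None`, but the new one evaluates `urlencode(conf.data or "")` and prints an empty string, because the `"None"` fallback is now only fed to `re.search` and never displayed. Keep the placeholder by nesting the old fallback inside the new first arm: `(urlencode(conf.data) if conf.data else "None") if re.search(r"\A\s*[<{]", conf.data or "") is None else conf.data`. Whether `conf.data` can actually be empty on this path depends on the target tuples built in findPageForms, which is outside this hunk.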
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4417,59 +4417,52 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
 except:
 pass
- if forms:
- for form in forms:
- try:
- for control in form.controls:
- if hasattr(control, "items") and not any((control.disabled, control.readonly)):
- # if control has selectable items select first non-disabled
- for item in control.items:
- if not item.disabled:
- if not item.selected:
- item.selected = True
- break
+ for form in forms or []:
+ try:
+ for control in form.controls:
+ if hasattr(control, "items") and not any((control.disabled, control.readonly)):
+ # if control has selectable items select first non-disabled
+ for item in control.items:
+ if not item.disabled:
+ if not item.selected:
+ item.selected = True
+ break
- if conf.crawlExclude and re.search(conf.crawlExclude, form.action or ""):
- dbgMsg = "skipping '%s'" % form.action
- logger.debug(dbgMsg)
- continue
+ if conf.crawlExclude and re.search(conf.crawlExclude, form.action or ""):
+ dbgMsg = "skipping '%s'" % form.action
+ logger.debug(dbgMsg)
+ continue
- request = form.click()
- except (ValueError, TypeError) as ex:
- errMsg = "there has been a problem while "
- errMsg += "processing page forms ('%s')" % getSafeExString(ex)
- if raise_:
- raise SqlmapGenericException(errMsg)
- else:
- logger.debug(errMsg)
+ request = form.click()
+ except (ValueError, TypeError) as ex:
+ errMsg = "there has been a problem while "
+ errMsg += "processing page forms ('%s')" % getSafeExString(ex)
+ if raise_:
+ raise SqlmapGenericException(errMsg)
 else:
- url = urldecode(request.get_full_url(), kb.pageEncoding)
- method = request.get_method()
- data = request.data
- data = urldecode(data, kb.pageEncoding, spaceplus=False)
-
- if not data and method and method.upper() == HTTPMETHOD.POST:
- debugMsg = "invalid POST form with blank data detected"
- logger.debug(debugMsg)
- continue
-
- # flag to know if we are dealing with the same target host
- _ = checkSameHost(response.geturl(), url)
-
- if conf.scope:
- if not re.search(conf.scope, url, re.I):
- continue
- elif not _:
- continue
- else:
- target = (url, method, data, conf.cookie, None)
- retVal.add(target)
- else:
- errMsg = "there were no forms found at the given target URL"
- if raise_:
- raise SqlmapGenericException(errMsg)
+ logger.debug(errMsg)
 else:
- logger.debug(errMsg)
+ url = urldecode(request.get_full_url(), kb.pageEncoding)
+ method = request.get_method()
+ data = request.data
+ data = urldecode(data, kb.pageEncoding, spaceplus=False)
+
+ if not data and method and method.upper() == HTTPMETHOD.POST:
+ debugMsg = "invalid POST form with blank data detected"
+ logger.debug(debugMsg)
+ continue
+
+ # flag to know if we are dealing with the same target host
+ _ = checkSameHost(response.geturl(), url)
+
+ if conf.scope:
+ if not re.search(conf.scope, url, re.I):
+ continue
+ elif not _:
+ continue
+ else:
+ target = (url, method, data, conf.cookie, None)
+ retVal.add(target)
 for match in re.finditer(r"\.post\(['\"]([^'\"]*)['\"],\s*\{([^}]*)\}", content):
 url = _urllib.parse.urljoin(url, htmlUnescape(match.group(1)))
@@ -4481,6 +4474,22 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
 data = data.rstrip(DEFAULT_GET_POST_DELIMITER)
 retVal.add((url, HTTPMETHOD.POST, data, conf.cookie, None))
+ for match in re.finditer(r"(?s)(\w+)\.open\(['\"]POST['\"],\s*['\"]([^'\"]+)['\"]\).*?\1\.send\(([^)]+)\)", content):
+ url = _urllib.parse.urljoin(url, htmlUnescape(match.group(2)))
+ data = match.group(3)
+
+ data = re.sub(r"\s*\+\s*[^\s'\"]+|[^\s'\"]+\s*\+\s*", "", data)
+
+ data = data.strip("['\"]")
+ retVal.add((url, HTTPMETHOD.POST, data, conf.cookie, None))
+
+ if not retVal:
+ errMsg = "there were no forms found at the given target URL"
+ if raise_:
+ raise SqlmapGenericException(errMsg)
+ else:
+ logger.debug(errMsg)
+
 if addToTargets and retVal:
 for target in retVal:
 kb.targets.add(target)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 87d763a4d..37fa326fb 100644
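Review bot: The re-indented `else:` branch still rebinds the function parameter `url` to each form's action (`url = urldecode(request.get_full_url(), kb.pageEncoding)`), and the `.post(` scan that follows as context in this hunk resolves its relative paths with `urljoin(url, ...)`, so once any form has been processed those paths are joined against the last form's action URL instead of the page URL. This predates the commit, but the restructuring is the moment to fix it: bind the form URL to a separate local such as `form_url` and use it in the `checkSameHost`, `conf.scope` and `target = (...)` lines, leaving `url` untouched as the page URL. The `except (ValueError, TypeError)` clause also wraps the `re.search(conf.crawlExclude, ...)` call, so an invalid user-supplied `--crawl-exclude` pattern would surface as an uncaught `re.error` rather than the logged "problem while processing page forms" message; worth a comment or a widened `except` if that is intentional. findPageForms starts before this hunk and continues past it.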
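Review bot: The new `xhr.open/.send` scan rebinds `url` inside its own loop (`url = _urllib.parse.urljoin(url, htmlUnescape(match.group(2)))`), so a second relative `open('POST', ...)` path is resolved against the first match's absolute URL rather than the page; assign to a fresh local instead, e.g. `target_url = _urllib.parse.urljoin(url, htmlUnescape(match.group(2)))` and `retVal.add((target_url, HTTPMETHOD.POST, data, conf.cookie, None))`. The pattern is also narrower than it looks: `['\"]POST['\"]` is case-sensitive although `xhr.open('post', ...)` is valid, so `(?si)` would be the cheaper flag, and `\.send\(([^)]+)\)` stops at the first `)`, so `xhr.send(JSON.stringify(obj))` yields the body `JSON.stringify(obj` after the `strip`. I would add a comment above the loop stating the supported shape, e.g. `# only string-literal (optionally concatenated) .send() bodies are recovered; nested calls such as JSON.stringify(...) are not`. Note too that `if not retVal` now also fires when forms were found but every one was dropped by `--crawl-exclude` or `--scope`, so the "no forms found" wording is slightly misleading in that case.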
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.10.2"
+VERSION = "1.3.10.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)