mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
path injections
This commit is contained in:
parent
9a34282aa3
commit
caaf7c491f
|
@ -5363,6 +5363,29 @@ def parseRequestFile(reqFile, checkParams=True):
|
||||||
if not(conf.scope and not re.search(conf.scope, url, re.I)):
|
if not(conf.scope and not re.search(conf.scope, url, re.I)):
|
||||||
yield (url, conf.method or method, data, cookie, tuple(headers))
|
yield (url, conf.method or method, data, cookie, tuple(headers))
|
||||||
|
|
||||||
|
def _swaggerOperationParameters(parameters, types):
|
||||||
|
return list(filter(lambda p: (p["in"] in types), parameters))
|
||||||
|
|
||||||
|
def _swaggerOperationQueryString(parameters):
|
||||||
|
queryParameters = _swaggerOperationParameters(parameters, ["query"])
|
||||||
|
if len(queryParameters) < 1:
|
||||||
|
return None
|
||||||
|
queryString = ""
|
||||||
|
for qp in queryParameters:
|
||||||
|
queryString += "&%s=%s" %(qp["name"], qp["example"])
|
||||||
|
|
||||||
|
return queryString.replace('&', '', 1)
|
||||||
|
|
||||||
|
def _swaggerOperationPath(path, parameters):
|
||||||
|
pathParameters = _swaggerOperationParameters(parameters, ["path"])
|
||||||
|
if len(pathParameters) < 1:
|
||||||
|
return path
|
||||||
|
parameterPath = path
|
||||||
|
for p in pathParameters:
|
||||||
|
parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"])
|
||||||
|
return parameterPath
|
||||||
|
|
||||||
|
|
||||||
def _parseSwagger(content):
|
def _parseSwagger(content):
|
||||||
"""
|
"""
|
||||||
Parses Swagger OpenAPI 3.x.x JSON documents
|
Parses Swagger OpenAPI 3.x.x JSON documents
|
||||||
|
@ -5381,27 +5404,26 @@ def parseRequestFile(reqFile, checkParams=True):
|
||||||
if ((tags is None or any(tag in op["tags"] for tag in tags))
|
if ((tags is None or any(tag in op["tags"] for tag in tags))
|
||||||
and operation == "get"):
|
and operation == "get"):
|
||||||
|
|
||||||
|
# header injection is not currently supported
|
||||||
|
if len(_swaggerOperationParameters(op["parameters"], ["query", "path"])) > 0:
|
||||||
url = None
|
url = None
|
||||||
method = None
|
method = None
|
||||||
data = None
|
data = None
|
||||||
cookie = None
|
cookie = None
|
||||||
|
|
||||||
url = "%s%s" % (swagger["servers"][0]["url"], path)
|
parameterPath = _swaggerOperationPath(path, op["parameters"])
|
||||||
|
qs = _swaggerOperationQueryString(op["parameters"])
|
||||||
|
url = "%s%s" % (swagger["servers"][0]["url"], parameterPath)
|
||||||
method = operation.upper()
|
method = operation.upper()
|
||||||
q = list(filter(lambda p: (p["in"] == "query"), op["parameters"]))
|
|
||||||
qs = ""
|
|
||||||
for qp in q:
|
|
||||||
qs += "&%s=%s" %(qp["name"], qp["example"])
|
|
||||||
qs = qs.replace('&', '?', 1)
|
|
||||||
|
|
||||||
if op["parameters"] is not None and len(q) > 0:
|
if qs is not None:
|
||||||
url += qs
|
url += "?" + qs
|
||||||
|
|
||||||
logger.debug("swagger url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
|
logger.debug("swagger url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
|
||||||
yield (url, method, data, cookie, None)
|
yield (url, method, data, cookie, None)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
logger.info("excluding url '%s', method '%s' as target since there are no parameters to inject" %(url, method))
|
logger.info("excluding path '%s', operation '%s' as there are no parameters to inject" %(path, operation))
|
||||||
|
|
||||||
|
|
||||||
except json.decoder.JSONDecodeError:
|
except json.decoder.JSONDecodeError:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user