diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 56f1529f2..54d781c4d 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -110,6 +110,7 @@ optDict = { "uFrom": "string", "dnsDomain": "string", "secondUrl": "string", + "secondReq": "string", }, "Fingerprint": { diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f7c876eb..ec1744eac 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.24" +VERSION = "1.2.6.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index ab6b2f8e1..dcbf3d876 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -336,6 +336,9 @@ def cmdLineParser(argv=None): techniques.add_option("--second-url", dest="secondUrl", help="Resulting page URL searched for second-order response") + techniques.add_option("--second-req", dest="secondReq", + help="Load second-order HTTP request from file") + # Fingerprint options fingerprint = OptionGroup(parser, "Fingerprint") diff --git a/lib/request/connect.py b/lib/request/connect.py index 50f287bee..a4300d0a4 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1237,6 +1237,8 @@ class Connect(object): if conf.secondUrl: page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + elif conf.secondReq: + pass threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/sqlmap.conf b/sqlmap.conf index e0c9eda00..3d70d3383 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -367,29 +367,33 @@ tech = BEUSTQ # Default: 5 timeSec = 5 -# Range of columns to test for +# Range of columns to test for. # Valid: range of integers # Example: 1-10 uCols = -# Character to use for bruteforcing number of columns +# Character to use for bruteforcing number of columns. # Valid: string # Example: NULL uChar = -# Table to use in FROM part of UNION query SQL injection +# Table to use in FROM part of UNION query SQL injection. # Valid: string # Example: INFORMATION_SCHEMA.COLLATIONS uFrom = -# Domain name used for DNS exfiltration attack +# Domain name used for DNS exfiltration attack. # Valid: string dnsDomain = -# Resulting page URL searched for second-order response +# Resulting page URL searched for second-order response. # Valid: string secondUrl = +# Load second-order HTTP request from file. +# Valid: string +secondReq = + [Fingerprint] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 282acd53a..187f76e69 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,7 +40,7 @@ bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -262b62d685a2403586e6ca0aac2e41d8 lib/core/optiondict.py +e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py 90a061be1a0658c2bdb197511b61d6fa lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b78d172e50095c1d6612ed52b4c79a6b lib/core/settings.py +dc0d040df74bdf0d6a08f41d412b76e7 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -59,7 +59,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -d6ac9df0bafd0ee171380a7b0581f6d2 lib/parse/cmdline.py +2b3b021a8e7e119d0553c02b110d07d9 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -70,7 +70,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -60c9d366d0f2173d8dc9f504a7e9d374 lib/request/connect.py +607419fd07bcabc274782dbc7b238e8b lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py