sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-25 15:33:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor workflow update

Browse Source
This commit is contained in:
Miroslav Stampar 2012-10-04 12:05:59 +02:00
parent eddc634ceb
commit d570e25b1b
1 changed files with 35 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/core/target.py
View File

@ -80,7 +80,17 @@ def __setRequestParams():
errMsg = "HTTP POST method depends on HTTP data value to be posted" errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if re.search(JSON_RECOGNITION_REGEX, conf.data or ""): if conf.data:
conf.method = HTTPMETHOD.POST
if hasattr(conf.data, UNENCODED_ORIGINAL_VALUE):
original = getattr(conf.data, UNENCODED_ORIGINAL_VALUE)
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
if CUSTOM_INJECTION_MARK_CHAR in conf.data: # later processed
pass
elif re.search(JSON_RECOGNITION_REGEX, conf.data):
message = "JSON like data found in POST data. " message = "JSON like data found in POST data. "
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
@ -92,7 +102,7 @@ def __setRequestParams():
kb.processUserMarks = True kb.processUserMarks = True
kb.postHint = POST_HINT.JSON kb.postHint = POST_HINT.JSON
elif re.search(SOAP_RECOGNITION_REGEX, conf.data or ""): elif re.search(SOAP_RECOGNITION_REGEX, conf.data):
message = "SOAP like data found in POST data. " message = "SOAP like data found in POST data. "
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
@ -103,11 +113,7 @@ def __setRequestParams():
kb.processUserMarks = True kb.processUserMarks = True
kb.postHint = POST_HINT.SOAP kb.postHint = POST_HINT.SOAP
elif conf.data: else:
if hasattr(conf.data, UNENCODED_ORIGINAL_VALUE):
original = getattr(conf.data, UNENCODED_ORIGINAL_VALUE)
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
place = PLACE.POST place = PLACE.POST
conf.parameters[place] = conf.data conf.parameters[place] = conf.data
@ -117,8 +123,6 @@ def __setRequestParams():
conf.paramDict[place] = paramDict conf.paramDict[place] = paramDict
testableParameters = True testableParameters = True
conf.method = HTTPMETHOD.POST
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(map(lambda place: place in conf.parameters, [PLACE.GET, PLACE.POST])): if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(map(lambda place: place in conf.parameters, [PLACE.GET, PLACE.POST])):
warnMsg = "you've provided target url without any GET " warnMsg = "you've provided target url without any GET "
warnMsg += "parameters (e.g. www.site.com/article.php?id=1) " warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
@ -156,7 +160,7 @@ def __setRequestParams():
parts = value.split(CUSTOM_INJECTION_MARK_CHAR) parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
for i in xrange(len(parts) - 1): for i in xrange(len(parts) - 1):
conf.paramDict[place]["#%d%s" % (i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts))) conf.paramDict[place]["%s#%d%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
if place == PLACE.URI and PLACE.GET in conf.paramDict: if place == PLACE.URI and PLACE.GET in conf.paramDict:
del conf.paramDict[PLACE.GET] del conf.paramDict[PLACE.GET]