From d7866ac78d3e4dfa849043b0ad656a79fa9eab26 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 28 Oct 2011 21:28:03 +0000
Subject: [PATCH] added support for automatic filtering of badly formed HTML in --forms mode
---
 lib/core/option.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index c263e6fe2..f0f3d5014 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -15,6 +15,7 @@ import logging
 import os
 import re
 import socket
+import StringIO
 import sys
 import threading
 import urllib2
@@ -523,6 +524,13 @@ def __setBulkMultipleTargets():
 f.close()
 def __findPageForms():
+ class _(StringIO.StringIO):
+ def __init__(self, content, url):
+ StringIO.StringIO.__init__(self, content)
+ self._url = url
+ def geturl(self):
+ return self._url
+
 if not conf.forms:
 return
@@ -532,7 +540,7 @@ def __findPageForms():
 infoMsg = "searching for forms"
 logger.info(infoMsg)
- response, _ = Request.queryPage(response=True)
+ response, headers = Request.queryPage(response=True)
 if response is None or isinstance(response, basestring):
 errMsg = "can't do form parsing as no valid response "
@@ -540,11 +548,18 @@ def __findPageForms():
 errMsg += "for connection issues"
 raise sqlmapGenericException, errMsg
+ response = _(response.read(), response.geturl())
 try:
 forms = ParseResponse(response, backwards_compat=False)
 except ParseError:
- errMsg = "badly formed HTML at the target url. can't parse forms"
- raise sqlmapGenericException, errMsg
+ errMsg = "badly formed HTML at the target url. will try to filter it"
+ logger.error(errMsg)
+ response.seek(0)
+ filtered = _("".join(re.findall(r'', response.read(), re.I | re.S)), response.geturl())
+ try:
+ forms = ParseResponse(filtered, backwards_compat=False)
+ except ParseError:
+ raise sqlmapGenericException, "no success"
 if forms:
 for form in forms:
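Review bot: The helper class added at the top of `__findPageForms` is named `_`, which reads as a throwaway binding and hides what the class is for; it appears to be why the discarded second value from `Request.queryPage` is renamed to `headers` in the following hunk, where it is not used in the visible lines. A descriptive name with a short docstring would be clearer, e.g. `class _ResponseWrapper(StringIO.StringIO):` documented as `"""In-memory copy of a response body that still answers geturl()."""`. The body of `__findPageForms` continues outside this hunk.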
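Review bot: The fallback path in the last hunk ends in `raise sqlmapGenericException, "no success"`, which drops the diagnostic the removed lines used to give; keep the cause in the message, e.g. `errMsg = "badly formed HTML at the target url. can't parse forms"` followed by `raise sqlmapGenericException, errMsg`. At the point it is logged the condition is still recoverable, so `logger.warn(errMsg)` fits better than `logger.error(errMsg)`. The page body comes from the tested host, is buffered whole by `response.read()` and is then scanned again with an `re.S` pattern, with no size limit visible in the hunk; a cap on the bytes read would bound memory and regex time on an oversized or hostile response. The pattern literal shows as `r''` on this page, presumably lost in extraction, so the filter expression itself cannot be reviewed here. `__findPageForms` starts and ends outside the hunk.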