sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-28 09:00:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

preserve the csrfTokenPattern in the conf dictionary and check it on none token

Browse Source
This commit is contained in:
Marcel Gregoriadis 2018-12-05 03:02:40 +01:00
parent 87e9ec2b4b
commit db25bc6ae2
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/request/connect.py
View File

@ -972,19 +972,23 @@ class Connect(object):
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
if "*" in conf.csrfToken: if "*" in conf.csrfToken:
csrfTokenPattern = '' conf.csrfTokenPattern = ''
strings = conf.csrfToken.split("*") strings = conf.csrfToken.split("*")
for index, string in enumerate(strings): for index, string in enumerate(strings):
csrfTokenPattern += re.escape(string) conf.csrfTokenPattern += re.escape(string)
if index < len(strings) - 1: if index < len(strings) - 1:
csrfTokenPattern += ".*" conf.csrfTokenPattern += ".*"
token = extractRegexResult( token = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % csrfTokenPattern, page or "") r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % conf.csrfTokenPattern, page or "")
conf.csrfToken = extractRegexResult( conf.csrfToken = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?(?P<result>%s)\b[^>]*\bvalue=[\"']?[^>'\"]*" % csrfTokenPattern, page or "")[:-2] r"(?i)<input[^>]+\bname=[\"']?(?P<result>%s)\b[^>]*\bvalue=[\"']?[^>'\"]*" % conf.csrfTokenPattern, page or "")[:-2]
else: else:
token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "") token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" % re.escape(conf.csrfToken), page or "")
if not token:
token = extractRegexResult(
r"(?i)<input[^>]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P<result>[^>'\"]*)" %
conf.csrfTokenPattern, page or "")
if not token: if not token:
token = extractRegexResult(r"(?i)<input[^>]+\bvalue=[\"']?(?P<result>[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "") token = extractRegexResult(r"(?i)<input[^>]+\bvalue=[\"']?(?P<result>[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "")