sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update regarding --randomize

Browse Source
This commit is contained in:
Miroslav Stampar 2011-08-29 13:08:25 +00:00
parent ac00014c4a
commit e0f521cf9d
3 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/option.py
View File

@ -102,6 +102,7 @@ from lib.core.settings import DB2_ALIASES
from lib.core.settings import BURP_SPLITTER from lib.core.settings import BURP_SPLITTER
from lib.core.settings import LOCALHOST from lib.core.settings import LOCALHOST
from lib.core.settings import MAX_NUMBER_OF_THREADS from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import PARAMETER_SPLITTING_REGEX
from lib.core.settings import TIME_DELAY_CANDIDATES from lib.core.settings import TIME_DELAY_CANDIDATES
from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.settings import WEBSCARAB_SPLITTER
@ -778,7 +779,7 @@ def __setTamperingFunctions():
resolve_priorities = False resolve_priorities = False
priorities = [] priorities = []
for tfile in re.split(r'[,|;]', conf.tamper): for tfile in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
found = False found = False
tfile = tfile.strip() tfile = tfile.strip()
@ -1276,13 +1277,19 @@ def __cleanupOptions():
if conf.testParameter: if conf.testParameter:
conf.testParameter = urldecode(conf.testParameter) conf.testParameter = urldecode(conf.testParameter)
conf.testParameter = conf.testParameter.replace(" ", "") conf.testParameter = conf.testParameter.replace(" ", "")
conf.testParameter = conf.testParameter.split(",") conf.testParameter = re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)
else: else:
conf.testParameter = [] conf.testParameter = []
if conf.user: if conf.user:
conf.user = conf.user.replace(" ", "") conf.user = conf.user.replace(" ", "")
if conf.rParam:
conf.rParam = conf.rParam.replace(" ", "")
conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
else:
conf.rParam = []
if conf.delay: if conf.delay:
conf.delay = float(conf.delay) conf.delay = float(conf.delay)

3
lib/core/settings.py
View File

@ -394,3 +394,6 @@ ORDER_BY_STEP = 10
# Maximum number of times for revalidation of a character in time-based injections # Maximum number of times for revalidation of a character in time-based injections
MAX_TIME_REVALIDATION_STEPS = 5 MAX_TIME_REVALIDATION_STEPS = 5
# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
PARAMETER_SPLITTING_REGEX = r'[,|;]'

7
lib/request/connect.py
View File

@ -580,15 +580,16 @@ class Connect:
retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString) retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
return retVal return retVal
for randomParameter in conf.rParam:
for item in [PLACE.GET, PLACE.POST, PLACE.COOKIE]: for item in [PLACE.GET, PLACE.POST, PLACE.COOKIE]:
if item in conf.parameters: if item in conf.parameters:
origValue = conf.parameters[item] origValue = conf.parameters[item]
if item == PLACE.GET and get: if item == PLACE.GET and get:
get = _randomizeParameter(get, conf.rParam) get = _randomizeParameter(get, randomParameter)
elif item == PLACE.POST and post: elif item == PLACE.POST and post:
post = _randomizeParameter(post, conf.rParam) post = _randomizeParameter(post, randomParameter)
elif item == PLACE.COOKIE and cookie: elif item == PLACE.COOKIE and cookie:
cookie = _randomizeParameter(cookie, conf.rParam) cookie = _randomizeParameter(cookie, randomParameter)
get = urlencode(get, limit=True) get = urlencode(get, limit=True)
post = urlencode(post) post = urlencode(post)