mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 05:31:04 +03:00 
			
		
		
		
	adding compatibility support for using --crawl and --forms together
This commit is contained in:
		
							parent
							
								
									ddc4dfe5ff
								
							
						
					
					
						commit
						ef987c6954
					
				|  | @ -3363,6 +3363,9 @@ class HTMLForm: | |||
|             if self.enctype == "application/x-www-form-urlencoded": | ||||
|                 return (uri, urlencode(self._pairs()), | ||||
|                         [("Content-Type", self.enctype)]) | ||||
|             elif self.enctype == "text/plain": | ||||
|                 return (uri, self._pairs(), | ||||
|                         [("Content-Type", self.enctype)]) | ||||
|             elif self.enctype == "multipart/form-data": | ||||
|                 data = StringIO() | ||||
|                 http_hdrs = [] | ||||
|  |  | |||
|  | @ -3073,7 +3073,7 @@ def asciifyUrl(url, forceQuote=False): | |||
| 
 | ||||
| def findPageForms(content, url, raise_=False, addToTargets=False): | ||||
|     class _(StringIO): | ||||
|         def __init__(self): | ||||
|         def __init__(self, content, url): | ||||
|             StringIO.__init__(self, unicodeencode(content, kb.pageEncoding) if isinstance(content, unicode) else content) | ||||
|             self._url = url | ||||
|         def geturl(self): | ||||
|  | @ -3083,17 +3083,21 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | |||
|         errMsg = "can't parse forms as the page content appears to be blank" | ||||
|         raise sqlmapGenericException, errMsg | ||||
| 
 | ||||
|     forms = None | ||||
|     retVal = set() | ||||
|     response = _() | ||||
|     response = _(content, url) | ||||
|     try: | ||||
|         forms = ParseResponse(response, backwards_compat=False) | ||||
|     except ParseError: | ||||
|         errMsg = "badly formed HTML at the target url. will try to filter it" | ||||
|         logger.error(errMsg) | ||||
|         response.seek(0) | ||||
|         filtered = _("".join(re.findall(r'<form.+?</form>', response.read(), re.I | re.S)), response.geturl()) | ||||
|         filtered = re.findall(r'<form.+?</form>', response.read(), re.I | re.S) | ||||
|         for i in xrange(len(filtered)): | ||||
|             filtered[i] = filtered[i][filtered[i].lower().rfind("<form"):] | ||||
|         response = _("".join(filtered), response.geturl()) | ||||
|         try: | ||||
|             forms = ParseResponse(filtered, backwards_compat=False) | ||||
|             forms = ParseResponse(response, backwards_compat=False) | ||||
|         except ParseError: | ||||
|             errMsg = "no success" | ||||
|             if raise_: | ||||
|  |  | |||
|  | @ -522,7 +522,7 @@ def __setBulkMultipleTargets(): | |||
|     f.close() | ||||
| 
 | ||||
| def __findPageForms(): | ||||
|     if not conf.forms: | ||||
|     if not conf.forms or conf.crawlDepth: | ||||
|         return | ||||
| 
 | ||||
|     if not checkConnection(): | ||||
|  | @ -1796,10 +1796,6 @@ def __basicOptionValidation(): | |||
|         errMsg = "switch --forms is compatible only with -u (--url) target switch" | ||||
|         raise sqlmapSyntaxException, errMsg | ||||
| 
 | ||||
|     if conf.forms and conf.crawlDepth: | ||||
|         errMsg = "switch --forms is currently not compatible with --crawl switch" | ||||
|         raise sqlmapSyntaxException, errMsg | ||||
| 
 | ||||
|     if conf.timeSec < 1: | ||||
|         errMsg = "value for --time-sec option must be an integer greater than 0" | ||||
|         raise sqlmapSyntaxException, errMsg | ||||
|  |  | |||
|  | @ -15,6 +15,7 @@ import time | |||
| 
 | ||||
| from lib.core.common import clearConsoleLine | ||||
| from lib.core.common import dataToStdout | ||||
| from lib.core.common import findPageForms | ||||
| from lib.core.common import singleTimeWarnMessage | ||||
| from lib.core.data import conf | ||||
| from lib.core.data import kb | ||||
|  | @ -92,6 +93,9 @@ class Crawler: | |||
|                                         threadData.shared.outputs.add(url) | ||||
|                                     kb.locks.outputs.release() | ||||
| 
 | ||||
|                         if conf.forms: | ||||
|                             findPageForms(content, current, False, True) | ||||
| 
 | ||||
|                     if conf.verbose in (1, 2): | ||||
|                         kb.locks.ioLock.acquire() | ||||
|                         threadData.shared.count += 1 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user