From eff7abd08072426c563c874ae1c2b45234e1e64f Mon Sep 17 00:00:00 2001 From: Marcel Gregoriadis Date: Wed, 5 Dec 2018 18:00:32 +0100 Subject: [PATCH] work with static csrf token names --- lib/core/target.py | 2 +- lib/request/connect.py | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/core/target.py b/lib/core/target.py index ed7834c5a..8b3707f3f 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -393,7 +393,7 @@ def _setRequestParams(): raise SqlmapGenericException(errMsg) if conf.csrfToken: - csrfTokenPattern = '' + csrfTokenPattern = "" strings = conf.csrfToken.split("*") for index, string in enumerate(strings): csrfTokenPattern += re.escape(string) diff --git a/lib/request/connect.py b/lib/request/connect.py index c4314f855..e7d5dabcd 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -61,6 +61,7 @@ from lib.core.common import unicodeencode from lib.core.common import unsafeVariableNaming from lib.core.common import urldecode from lib.core.common import urlencode +from lib.core.common import paramToDict from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -983,6 +984,20 @@ class Connect(object): r"(?i)]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % conf.csrfTokenPattern, page or "") conf.csrfToken = extractRegexResult( r"(?i)]+\bname=[\"']?(?P%s)\b[^>]*\bvalue=[\"']?[^>'\"]*" % conf.csrfTokenPattern, page or "")[:-2] + + getParams = urlparse.parse_qs(conf.parameters[PLACE.GET]) + for key, value in getParams.items(): + if re.search(r"\b%s\b" % conf.csrfTokenPattern, key): + getParams[conf.csrfToken] = getParams[key] + del getParams[key] + + conf.parameters[PLACE.GET] = urllib.urlencode(getParams, doseq=True) + + paramDict = paramToDict(PLACE.GET, conf.parameters[PLACE.GET]) + + if paramDict: + conf.paramDict[PLACE.GET] = paramDict + print "ok" else: token = extractRegexResult(r"(?i)]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % re.escape(conf.csrfToken), page or "") if not token: