From f06e498fb08bbfcad8141477876ce9cef18e9c34 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 29 Apr 2016 14:19:32 +0200
Subject: [PATCH] Implementation for an Issue #1826
---
 lib/core/agent.py    | 11 +++++++++--
 lib/core/common.py   | 12 ++++++++++++
 lib/core/settings.py |  3 ++-
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index e645f46e9..a2878b553 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -35,6 +35,7 @@ from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
+from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
@@ -96,9 +97,12 @@ class Agent(object):
             paramDict = conf.paramDict[place]
             origValue = getUnicode(paramDict[parameter])
 
-            if place == PLACE.URI:
+            if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
                 paramString = origValue
-                origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+                if place == PLACE.URI:
+                    origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+                else:
+                    origValue = re.search(r"\w+\Z", origValue.split(BOUNDED_INJECTION_MARKER)[0]).group(0)
                 origValue = origValue[origValue.rfind('/') + 1:]
                 for char in ('?', '=', ':'):
                     if char in origValue:
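Review bot: The new `else` branch calls `.group(0)` straight on the result of `re.search(r"\w+\Z", ...)`, which is `None` (and so raises AttributeError) whenever the text before the marker does not end in a word character. The regex in common.py guarantees a trailing `\w+` for the values it marks, but this branch is entered for any value that merely contains `BOUNDED_INJECTION_MARKER` (the condition on the rewritten `if` line), so the guard belongs here: `match = re.search(r"\w+\Z", origValue.split(BOUNDED_INJECTION_MARKER)[0])` followed by `origValue = match.group(0) if match else origValue.split(BOUNDED_INJECTION_MARKER)[0]`. It is also worth a one-line comment that only the last word run before the closing boundary becomes `origValue` (for a value like `{"id":"a b"}` that is `b`), since that is what the later replacement keys on. The enclosing method starts before this hunk and continues after it.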
@@ -162,6 +166,9 @@ class Agent(object):
                 newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
                 retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
                 retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
+            elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
+                _ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
+                retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)))
             elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
                 retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
             else:
diff --git a/lib/core/common.py b/lib/core/common.py
index 78471cd23..c82364e0d 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -91,6 +91,7 @@ from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
 from lib.core.settings import BANNER
 from lib.core.settings import BOLD_PATTERNS
+from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
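Review bot: `paramString.replace(_, ...)` on the last added line silently returns `paramString` unchanged when `_` is not found, and `paramString` still carries the literal `BOUNDED_INJECTION_MARKER`, so in that case the marker text rather than the payload would be sent in the request. `origValue` is rewritten between its assignment in the earlier hunk and this branch (the `rfind('/')` slice and the `'?', '=', ':'` truncation visible there), so `origValue + BOUNDED_INJECTION_MARKER` is not guaranteed to still be a substring of `paramString`. At minimum strip the marker defensively, `retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(BOUNDED_INJECTION_MARKER, ""))`, and ideally log when the substitution did not happen. The `elif` also tests `paramDict[parameter]` while the matching branch above tests `origValue`; using the same expression in both places makes the pairing obvious. The enclosing method starts before this hunk and continues after it.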
@@ -599,6 +600,17 @@ def paramToDict(place, parameters=None):
                         warnMsg += "so sqlmap could be able to run properly"
                         logger.warn(warnMsg)
 
+                if place in (PLACE.POST, PLACE.GET):
+                    regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
+                    match = re.search(regex, testableParameters[parameter])
+                    if match:
+                        _ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
+                        message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
+                        message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
+                        test = readInput(message, default="N")
+                        if test[0] in ("y", "Y"):
+                            testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
+
     if conf.testParameter and not testableParameters:
         paramStr = ", ".join(test for test in conf.testParameter)
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9b3d5aa87..848298844 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (...)
-VERSION = "1.0.4.23"
+VERSION = "1.0.4.24"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -60,6 +60,7 @@ PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 ASTERISK_MARKER = "__ASTERISK_MARK__"
 REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
+BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
 RANDOM_INTEGER_MARKER = "[RANDINT]"
 RANDOM_STRING_MARKER = "[RANDSTR]"
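Review bot: The two replacement templates `"\g<1>%s\g<2>"` in the paramToDict hunk are non-raw strings, so the `\g` group reference only survives because Python leaves unknown escapes untouched; either write them as `r"\g<1>%s\g<2>"` or drop the second and third regex passes and build from the `match` already in hand, `_ = "%s%s%s" % (match.group(1), CUSTOM_INJECTION_MARK_CHAR, match.group(2))` and `testableParameters[parameter] = "%s%s%s" % (match.group(1), BOUNDED_INJECTION_MARKER, match.group(2))`. `if test[0] in ("y", "Y"):` raises IndexError if `readInput` ever returns an empty string; `default="N"` presumably prevents that, but `if test and test[0] in ("y", "Y"):` costs nothing. The `regex` line deserves a comment saying what "boundaries" means, e.g. `# value wrapped in non-word characters (quotes, brackets); inject at the last word run before the closing part`, since the marker it writes into the value is a plain string that the agent must later strip before the request is built. paramToDict starts before this hunk.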