mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-23 15:54:24 +03:00
Update for an Issue #431
This commit is contained in:
parent
1fc4d0e3c4
commit
f0802c6fb9
|
@ -85,6 +85,8 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Set the flag for SQL injection test mode
|
||||
kb.testMode = True
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
tests = getSortedInjectionTests()
|
||||
|
||||
while tests:
|
||||
|
@ -403,7 +405,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
# Perform the test's False request
|
||||
if not falseResult:
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (place, parameter, title)
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
|
@ -414,7 +416,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
|
||||
if candidates:
|
||||
conf.string = candidates[0]
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
|
@ -437,7 +439,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
result = output == "1"
|
||||
|
||||
if result:
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (paramType, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
|
@ -459,7 +461,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
|
||||
|
||||
if trueResult:
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (place, parameter, title)
|
||||
infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
|
@ -495,7 +497,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
|
||||
|
||||
if isinstance(reqPayload, basestring):
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable" % (place, parameter, title)
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable" % (paramType, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
|
@ -787,6 +789,8 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
|
||||
origValue = conf.paramDict[place][parameter]
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
prefix = ""
|
||||
suffix = ""
|
||||
|
||||
|
@ -812,8 +816,8 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
parseFilePaths(page)
|
||||
result = wasLastResponseDBMSError()
|
||||
|
||||
infoMsg = "heuristic (basic) test shows that %s " % place
|
||||
infoMsg += "parameter '%s' might " % parameter
|
||||
infoMsg = "heuristic (basic) test shows that %s parameter " % paramType
|
||||
infoMsg += "'%s' might " % parameter
|
||||
|
||||
def _(page):
|
||||
return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
|
||||
|
@ -861,9 +865,11 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
payload = agent.payload(place, parameter, newValue=payload)
|
||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
if value in (page or ""):
|
||||
infoMsg = "heuristic (XSS) test shows that %s " % place
|
||||
infoMsg += "parameter '%s' might " % parameter
|
||||
infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType
|
||||
infoMsg += "'%s' might " % parameter
|
||||
infoMsg += "be vulnerable to XSS attacks"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -885,7 +891,9 @@ def checkDynParam(place, parameter, value):
|
|||
dynResult = None
|
||||
randInt = randomInt()
|
||||
|
||||
infoMsg = "testing if %s parameter '%s' is dynamic" % (place, parameter)
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
infoMsg = "testing if %s parameter '%s' is dynamic" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
try:
|
||||
|
@ -893,7 +901,7 @@ def checkDynParam(place, parameter, value):
|
|||
dynResult = Request.queryPage(payload, place, raise404=False)
|
||||
|
||||
if not dynResult:
|
||||
infoMsg = "confirming that %s parameter '%s' is dynamic" % (place, parameter)
|
||||
infoMsg = "confirming that %s parameter '%s' is dynamic" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
randInt = randomInt()
|
||||
|
|
|
@ -311,13 +311,13 @@ def start():
|
|||
if conf.forms:
|
||||
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
|
||||
else:
|
||||
message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
|
||||
message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
|
||||
|
||||
if conf.cookie:
|
||||
message += "\nCookie: %s" % conf.cookie
|
||||
|
||||
if conf.data is not None:
|
||||
message += "\nPOST data: %s" % urlencode(conf.data) if conf.data else ""
|
||||
message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
|
||||
|
||||
if conf.forms:
|
||||
if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
|
||||
|
@ -327,13 +327,13 @@ def start():
|
|||
test = readInput(message, default="Y")
|
||||
|
||||
if not test or test[0] in ("y", "Y"):
|
||||
if conf.method == HTTPMETHOD.POST:
|
||||
message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
|
||||
if conf.method != HTTPMETHOD.GET:
|
||||
message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
|
||||
conf.data = readInput(message, default=conf.data)
|
||||
conf.data = _randomFillBlankFields(conf.data)
|
||||
conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
|
||||
|
||||
elif conf.method == HTTPMETHOD.GET:
|
||||
else:
|
||||
if targetUrl.find("?") > -1:
|
||||
firstPart = targetUrl[:targetUrl.find("?")]
|
||||
secondPart = targetUrl[targetUrl.find("?") + 1:]
|
||||
|
@ -428,6 +428,8 @@ def start():
|
|||
|
||||
paramDict = conf.paramDict[place]
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
for parameter, value in paramDict.items():
|
||||
if not proceed:
|
||||
break
|
||||
|
@ -439,7 +441,7 @@ def start():
|
|||
if paramKey in kb.testedParams:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter in conf.testParameter:
|
||||
|
@ -448,13 +450,13 @@ def start():
|
|||
elif parameter == conf.rParam:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter in conf.skip:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter == conf.csrfToken:
|
||||
|
@ -467,18 +469,18 @@ def start():
|
|||
elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
|
||||
check = checkDynParam(place, parameter, value)
|
||||
|
||||
if not check:
|
||||
warnMsg = "%s parameter '%s' does not appear dynamic" % (place, parameter)
|
||||
warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
else:
|
||||
infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||
infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.testedParams.add(paramKey)
|
||||
|
@ -488,11 +490,11 @@ def start():
|
|||
|
||||
if check != HEURISTIC_TEST.POSITIVE:
|
||||
if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
|
||||
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
continue
|
||||
|
||||
infoMsg = "testing for SQL injection on %s " % place
|
||||
infoMsg = "testing for SQL injection on %s " % paramType
|
||||
infoMsg += "parameter '%s'" % parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -515,7 +517,7 @@ def start():
|
|||
paramKey = (conf.hostname, conf.path, None, None)
|
||||
kb.testedParams.add(paramKey)
|
||||
else:
|
||||
warnMsg = "%s parameter '%s' is not " % (place, parameter)
|
||||
warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
|
||||
warnMsg += "injectable"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
|
|
|
@ -285,7 +285,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
|
|||
line = line.strip('\r')
|
||||
match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None
|
||||
|
||||
if len(line) == 0 and method in (HTTPMETHOD.POST, HTTPMETHOD.PUT) and data is None:
|
||||
if len(line) == 0 and method and method != HTTPMETHOD.GET and data is None:
|
||||
data = ""
|
||||
params = True
|
||||
|
||||
|
@ -1780,11 +1780,11 @@ def _useWizardInterface():
|
|||
message = "Please enter full target URL (-u): "
|
||||
conf.url = readInput(message, default=None)
|
||||
|
||||
message = "POST data (--data) [Enter for None]: "
|
||||
message = "%s data (--data) [Enter for None]: " % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST)
|
||||
conf.data = readInput(message, default=None)
|
||||
|
||||
if not (filter(lambda _: '=' in unicode(_), (conf.url, conf.data)) or '*' in conf.url):
|
||||
warnMsg = "no GET and/or POST parameter(s) found for testing "
|
||||
warnMsg = "no GET and/or %s parameter(s) found for testing " % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST)
|
||||
warnMsg += "(e.g. GET parameter 'id' in 'http://www.site.com/vuln.php?id=1'). "
|
||||
if not conf.crawlDepth and not conf.forms:
|
||||
warnMsg += "Will search for forms"
|
||||
|
|
Loading…
Reference in New Issue
Block a user