update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)

Miroslav Stampar 2011-01-31 20:36:01 +00:00
parent 777a19cfa9
commit fa58a9c86b
4 changed files with 12 additions and 2 deletions


@ -196,7 +196,7 @@ def start():
if conf.forms: if conf.forms:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl) message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
else: else:
message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, "(PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "") message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")
if conf.cookie: if conf.cookie:
message += "\nCookie: %s" % conf.cookie message += "\nCookie: %s" % conf.cookie


@ -217,3 +217,6 @@ UNICODE_ENCODING = "utf8"
# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri # Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = "URI" URI_HTTP_HEADER = "URI"
# Uri format which could be injectable (e.g. www.site.com/id82)
URI_INJECTABLE_REGEX = r".*/([^\.*?]+)\Z"
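Review bot: The comment above URI_INJECTABLE_REGEX documents only the example, while the pattern itself accepts any URL whose text after the last `/` is non-empty and contains none of `.`, `*` or `?`, so a path such as `www.site.com/login` qualifies just as `www.site.com/id82` does, whereas `www.site.com/page.php` and a URL ending in `/` do not. Since this constant decides which targets get a URI injection marker, the comment should state that rule rather than a single example, e.g. `# URI format which could be injectable: last path segment non-empty and free of '.', '*' and '?' (e.g. www.site.com/id82)`. The backslash before `.` inside the character class is unnecessary; `[^.*?]` is equivalent and reads more plainly.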


@ -32,6 +32,7 @@ from lib.core.option import __setDBMS
from lib.core.option import __setKnowledgeBaseAttributes from lib.core.option import __setKnowledgeBaseAttributes
from lib.core.session import resumeConfKb from lib.core.session import resumeConfKb
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URI_INJECTABLE_REGEX
from lib.core.xmldump import dumper as xmldumper from lib.core.xmldump import dumper as xmldumper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -78,6 +79,9 @@ def __setRequestParams():
conf.method = HTTPMETHOD.POST conf.method = HTTPMETHOD.POST
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I):
conf.url = "%s*" % conf.url
if "*" in conf.url: if "*" in conf.url:
conf.parameters[PLACE.URI] = conf.url conf.parameters[PLACE.URI] = conf.url
conf.paramDict[PLACE.URI] = {} conf.paramDict[PLACE.URI] = {}
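Review bot: The new check at the top of the second hunk appends a `*` marker even when conf.url already carries one, because the `"*" in conf.url` test only runs afterwards; the regex excludes `*` solely from the last path segment, so a user-marked URL of the form `http://host/a*b/c` (example) matches and ends up with two URI markers. Guarding the auto-detection on the absence of a user marker keeps explicit markers authoritative: `if "*" not in conf.url and re.search(URI_INJECTABLE_REGEX, conf.url, re.I):`. The regex is also satisfied by a query-bearing URL whose query value contains a slash, in which case the marker is appended after the query string rather than to the path; if that is not intended it deserves either a tightened pattern or a comment. The `re.I` flag has no effect here since the pattern contains no letters. __setRequestParams starts and ends outside the hunk.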


@ -22,6 +22,7 @@ from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapGenericException from lib.core.exception import sqlmapGenericException
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URI_INJECTABLE_REGEX
from lib.request.basic import decodePage from lib.request.basic import decodePage
class Google: class Google:
@ -59,8 +60,10 @@ class Google:
""" """
for match in self.__matches: for match in self.__matches:
if re.search("(.*?)\?(.+)", match, re.I): if re.search(r"(.*?)\?(.+)", match, re.I):
kb.targetUrls.add(( htmlunescape(htmlunescape(match)), None, None, None )) kb.targetUrls.add(( htmlunescape(htmlunescape(match)), None, None, None ))
elif re.search(URI_INJECTABLE_REGEX, match, re.I):
kb.targetUrls.add(( htmlunescape(htmlunescape("%s" % match)), None, None, None ))
def getCookie(self): def getCookie(self):
""" """
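Review bot: The added `elif` branch in the second hunk adds exactly the same tuple as the branch above it, and `"%s" % match` is a no-op since match has already been passed to re.search as a string on the preceding line, so the two conditions can be merged into one: `if re.search(r"(.*?)\?(.+)", match, re.I) or re.search(URI_INJECTABLE_REGEX, match, re.I):` followed by the single existing `kb.targetUrls.add(...)` line. Because URI_INJECTABLE_REGEX accepts any result URL whose last path segment lacks `.`, `*` or `?`, this branch will enqueue plain pages such as `/about` too; a one-line comment stating that this is the intended widening of the target set would help the next reader. The enclosing method begins before the hunk, and getCookie continues past its end.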