Search for --string and --regexp matches also in HTTP response headers

Bernardo Damele 2011-08-12 15:33:37 +00:00
parent 6d22d09a61
commit fff4c34e33
4 changed files with 25 additions and 24 deletions


@ -804,13 +804,13 @@ def checkString():
infoMsg += "target URL page content" infoMsg += "target URL page content"
logger.info(infoMsg) logger.info(infoMsg)
page, _ = Request.queryPage(content=True) page, headers = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if conf.string not in page: if conf.string not in rawResponse:
warnMsg = "you provided '%s' as the string to " % conf.string warnMsg = "you provided '%s' as the string to " % conf.string
warnMsg += "match, but such a string is not within the target " warnMsg += "match, but such a string is not within the target "
warnMsg += "URL page content original request, sqlmap will " warnMsg += "URL raw response, sqlmap will carry on anyway"
warnMsg += "keep going anyway"
logger.warn(warnMsg) logger.warn(warnMsg)
return True return True
@ -823,13 +823,14 @@ def checkRegexp():
infoMsg += "the target URL page content" infoMsg += "the target URL page content"
logger.info(infoMsg) logger.info(infoMsg)
page, _ = Request.queryPage(content=True) page, headers = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if not re.search(conf.regexp, page, re.I | re.M): if not re.search(conf.regexp, rawResponse, re.I | re.M):
warnMsg = "you provided '%s' as the regular expression to " % conf.regexp warnMsg = "you provided '%s' as the regular expression to " % conf.regexp
warnMsg += "match, but such a regular expression does not have any " warnMsg += "match, but such a regular expression does not have any "
warnMsg += "match within the target URL page content, sqlmap " warnMsg += "match within the target URL raw response, sqlmap "
warnMsg += "will keep going anyway" warnMsg += "will carry on anyway"
logger.warn(warnMsg) logger.warn(warnMsg)
return True return True
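Review bot: The `infoMsg` context lines at the top of both hunks still tell the user the string/regexp is searched in the "target URL page content", while the check and the warning now cover the raw response including headers; both should say `raw response` so the log matches what is actually tested. The `rawResponse` construction is also written out twice here and once more in comparison.py; a single helper such as `getRawResponse(page, headers)` in lib.core.common would keep the missing-headers and None-page handling in one place — note that `"%s%s" % (..., page)` turns a `None` page into the literal text `None`, which a user-supplied `conf.string` could then match, if `queryPage` can return `None` here (not visible in the hunk). Both `checkString` and `checkRegexp` begin before their hunks.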


@ -11,6 +11,7 @@ import re
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
from lib.core.common import listToStrValue
from lib.core.common import removeDynamicContent from lib.core.common import removeDynamicContent
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastRequestDBMSError
from lib.core.common import wasLastRequestHTTPError from lib.core.common import wasLastRequestHTTPError
@ -27,7 +28,7 @@ from lib.core.settings import LOWER_RATIO_BOUND
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
def comparison(page, getRatioValue=False, pageLength=None): def comparison(page, headers, getRatioValue=False, pageLength=None):
if page is None and pageLength is None: if page is None and pageLength is None:
return None return None
@ -37,18 +38,17 @@ def comparison(page, getRatioValue=False, pageLength=None):
seqMatcher.set_seq1(kb.pageTemplate) seqMatcher.set_seq1(kb.pageTemplate)
if any([conf.string, conf.regexp]): if any([conf.string, conf.regexp]):
if page: rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
# String to match in page when the query is valid # String to match in page when the query is valid
if conf.string: if conf.string:
condition = conf.string in page condition = conf.string in rawResponse
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO) return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
# Regular expression to match in page when the query is valid # Regular expression to match in page when the query is valid
if conf.regexp: if conf.regexp:
condition = re.search(conf.regexp, page, re.I | re.M) is not None condition = re.search(conf.regexp, rawResponse, re.I | re.M) is not None
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO) return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
else:
return None
if page: if page:
# In case of an DBMS error page return None # In case of an DBMS error page return None


@ -643,8 +643,8 @@ class Connect:
page = removeReflectiveValues(page, payload) page = removeReflectiveValues(page, payload)
if getRatioValue: if getRatioValue:
return comparison(page, getRatioValue=False, pageLength=pageLength), comparison(page, getRatioValue=True, pageLength=pageLength) return comparison(page, headers, getRatioValue=False, pageLength=pageLength), comparison(page, headers, getRatioValue=True, pageLength=pageLength)
elif pageLength or page: elif pageLength or page:
return comparison(page, getRatioValue, pageLength) return comparison(page, headers, getRatioValue, pageLength)
else: else:
return False return False
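Review bot: `removeReflectiveValues(page, payload)` on the first line of the hunk scrubs reflected payload text from the body only, while `headers` is handed to `comparison` unfiltered on the two new lines; if the target echoes the injected parameter in a response header (a redirect `Location` or a `Set-Cookie`, for instance), a `--string` or `--regexp` that also occurs in the payload will match on the reflection rather than on the injection's outcome. Either flatten the headers here (the `listToStrValue(headers.headers)` form used in comparison.py) and run that text through `removeReflectiveValues` as well before it reaches `comparison`, or document in `comparison` that header text is not reflection-filtered. Headers such as `Date` or `Set-Cookie` also vary per request, so a `--regexp` loose enough to match them will misclassify true/false responses; a one-line warning where the options are validated would save users a confusing run. The enclosing method begins before the hunk.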


@ -108,8 +108,8 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
for count in range(lowerCount, upperCount+1): for count in range(lowerCount, upperCount+1):
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar) query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
page, _ = Request.queryPage(payload, place=place, content=True, raise404=False) page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
ratio = comparison(page, True) or MIN_RATIO ratio = comparison(page, headers, True) or MIN_RATIO
ratios.append(ratio) ratios.append(ratio)
min_, max_ = min(min_, ratio), max(max_, ratio) min_, max_ = min(min_, ratio), max(max_, ratio)
items.append((count, ratio)) items.append((count, ratio))