mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Search for --string and --regexp matches also in HTTP response headers
parent
6d22d09a61
commit
fff4c34e33
|
@ -804,13 +804,13 @@ def checkString():
|
||||||
infoMsg += "target URL page content"
|
infoMsg += "target URL page content"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
page, _ = Request.queryPage(content=True)
|
page, headers = Request.queryPage(content=True)
|
||||||
|
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||||
|
|
||||||
if conf.string not in page:
|
if conf.string not in rawResponse:
|
||||||
warnMsg = "you provided '%s' as the string to " % conf.string
|
warnMsg = "you provided '%s' as the string to " % conf.string
|
||||||
warnMsg += "match, but such a string is not within the target "
|
warnMsg += "match, but such a string is not within the target "
|
||||||
warnMsg += "URL page content original request, sqlmap will "
|
warnMsg += "URL raw response, sqlmap will carry on anyway"
|
||||||
warnMsg += "keep going anyway"
|
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
@ -823,13 +823,14 @@ def checkRegexp():
|
||||||
infoMsg += "the target URL page content"
|
infoMsg += "the target URL page content"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
page, _ = Request.queryPage(content=True)
|
page, headers = Request.queryPage(content=True)
|
||||||
|
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||||
|
|
||||||
if not re.search(conf.regexp, page, re.I | re.M):
|
if not re.search(conf.regexp, rawResponse, re.I | re.M):
|
||||||
warnMsg = "you provided '%s' as the regular expression to " % conf.regexp
|
warnMsg = "you provided '%s' as the regular expression to " % conf.regexp
|
||||||
warnMsg += "match, but such a regular expression does not have any "
|
warnMsg += "match, but such a regular expression does not have any "
|
||||||
warnMsg += "match within the target URL page content, sqlmap "
|
warnMsg += "match within the target URL raw response, sqlmap "
|
||||||
warnMsg += "will keep going anyway"
|
warnMsg += "will carry on anyway"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
|
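Review bot: The `infoMsg` lines at the top of both hunks still say "target URL page content", although the match now runs over `rawResponse` (headers plus body), so the info line and the updated warning describe different things. The same `rawResponse = "%s%s" % (...)` expression is written out in checkString(), checkRegexp() and again in comparison(); a small shared helper would keep the three from drifting apart. `listToStrValue` is not visible here, so it is worth confirming that it keeps real line breaks between header lines; if it does not, `^`/`$` under `re.M` in checkRegexp() will not anchor on individual headers. Both function bodies start outside the hunks shown.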
@ -11,6 +11,7 @@ import re
|
||||||
|
|
||||||
from lib.core.common import extractRegexResult
|
from lib.core.common import extractRegexResult
|
||||||
from lib.core.common import getFilteredPageContent
|
from lib.core.common import getFilteredPageContent
|
||||||
|
from lib.core.common import listToStrValue
|
||||||
from lib.core.common import removeDynamicContent
|
from lib.core.common import removeDynamicContent
|
||||||
from lib.core.common import wasLastRequestDBMSError
|
from lib.core.common import wasLastRequestDBMSError
|
||||||
from lib.core.common import wasLastRequestHTTPError
|
from lib.core.common import wasLastRequestHTTPError
|
||||||
|
@ -27,7 +28,7 @@ from lib.core.settings import LOWER_RATIO_BOUND
|
||||||
from lib.core.settings import UPPER_RATIO_BOUND
|
from lib.core.settings import UPPER_RATIO_BOUND
|
||||||
from lib.core.threads import getCurrentThreadData
|
from lib.core.threads import getCurrentThreadData
|
||||||
|
|
||||||
def comparison(page, getRatioValue=False, pageLength=None):
|
def comparison(page, headers, getRatioValue=False, pageLength=None):
|
||||||
if page is None and pageLength is None:
|
if page is None and pageLength is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@ -37,18 +38,17 @@ def comparison(page, getRatioValue=False, pageLength=None):
|
||||||
seqMatcher.set_seq1(kb.pageTemplate)
|
seqMatcher.set_seq1(kb.pageTemplate)
|
||||||
|
|
||||||
if any([conf.string, conf.regexp]):
|
if any([conf.string, conf.regexp]):
|
||||||
if page:
|
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||||
# String to match in page when the query is valid
|
|
||||||
if conf.string:
|
|
||||||
condition = conf.string in page
|
|
||||||
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
|
|
||||||
|
|
||||||
# Regular expression to match in page when the query is valid
|
# String to match in page when the query is valid
|
||||||
if conf.regexp:
|
if conf.string:
|
||||||
condition = re.search(conf.regexp, page, re.I | re.M) is not None
|
condition = conf.string in rawResponse
|
||||||
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
|
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
|
||||||
else:
|
|
||||||
return None
|
# Regular expression to match in page when the query is valid
|
||||||
|
if conf.regexp:
|
||||||
|
condition = re.search(conf.regexp, rawResponse, re.I | re.M) is not None
|
||||||
|
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
|
||||||
|
|
||||||
if page:
|
if page:
|
||||||
# In case of an DBMS error page return None
|
# In case of an DBMS error page return None
|
||||||
|
|
|
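Review bot: In the rewritten `if any([conf.string, conf.regexp]):` branch of comparison(), the old `if page:` guard and its `else: return None` appear to be gone, yet the first check of the function still lets `page` be None when `pageLength` is given. In that case `"%s%s" % (..., page)` appends the literal text `None` to the headers, and the function returns a match verdict where it used to return None; the indentation is lost on this page, so the pairing of the removed `else` is inferred. If the old behaviour is meant to stay, keep the guard; otherwise use `page or ""` in the format arguments so that a missing body cannot contribute text to the match. The function continues past the end of the hunk.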
@ -643,8 +643,8 @@ class Connect:
|
||||||
page = removeReflectiveValues(page, payload)
|
page = removeReflectiveValues(page, payload)
|
||||||
|
|
||||||
if getRatioValue:
|
if getRatioValue:
|
||||||
return comparison(page, getRatioValue=False, pageLength=pageLength), comparison(page, getRatioValue=True, pageLength=pageLength)
|
return comparison(page, headers, getRatioValue=False, pageLength=pageLength), comparison(page, headers, getRatioValue=True, pageLength=pageLength)
|
||||||
elif pageLength or page:
|
elif pageLength or page:
|
||||||
return comparison(page, getRatioValue, pageLength)
|
return comparison(page, headers, getRatioValue, pageLength)
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
|
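Review bot: The call `comparison(page, headers, getRatioValue, pageLength)` passes everything positionally, which becomes fragile now that `headers` sits in the second slot. Any caller left on the old form, such as the removed `comparison(page, True)`, would bind `True` to `headers` and fail at `headers.headers` rather than at the call site. Passing the trailing arguments by keyword, `comparison(page, headers, getRatioValue=getRatioValue, pageLength=pageLength)`, keeps this call consistent with the two-call line above it. The same applies to `comparison(page, headers, True)` in the __findUnionCharCount hunk. Where `headers` is assigned in this method is outside the hunk, so check that it is set on every path reaching these returns.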
@ -108,8 +108,8 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
|
||||||
for count in range(lowerCount, upperCount+1):
|
for count in range(lowerCount, upperCount+1):
|
||||||
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
|
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
|
||||||
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
||||||
page, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||||
ratio = comparison(page, True) or MIN_RATIO
|
ratio = comparison(page, headers, True) or MIN_RATIO
|
||||||
ratios.append(ratio)
|
ratios.append(ratio)
|
||||||
min_, max_ = min(min_, ratio), max(max_, ratio)
|
min_, max_ = min(min_, ratio), max(max_, ratio)
|
||||||
items.append((count, ratio))
|
items.append((count, ratio))
|
||||||
|
|