Search for --string and --regexp matches also in HTTP response headers

2024-11-22 09:36:35 +03:00 · 2011-08-12 15:33:37 +00:00 · 2011-08-12 15:33:37 +00:00 · fff4c34e33
commit fff4c34e33
parent 6d22d09a61
4 changed files with 25 additions and 24 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -804,13 +804,13 @@ def checkString():
    infoMsg += "target URL page content"
    logger.info(infoMsg)

-    page, _ = Request.queryPage(content=True)
+    page, headers = Request.queryPage(content=True)
+    rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)

-    if conf.string not in page:
+    if conf.string not in rawResponse:
        warnMsg = "you provided '%s' as the string to " % conf.string
        warnMsg += "match, but such a string is not within the target "
-        warnMsg += "URL page content original request, sqlmap will "
-        warnMsg += "keep going anyway"
+        warnMsg += "URL raw response, sqlmap will carry on anyway"
        logger.warn(warnMsg)

    return True
@ -823,13 +823,14 @@ def checkRegexp():
    infoMsg += "the target URL page content"
    logger.info(infoMsg)

-    page, _ = Request.queryPage(content=True)
+    page, headers = Request.queryPage(content=True)
+    rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)

-    if not re.search(conf.regexp, page, re.I | re.M):
+    if not re.search(conf.regexp, rawResponse, re.I | re.M):
        warnMsg = "you provided '%s' as the regular expression to " % conf.regexp
        warnMsg += "match, but such a regular expression does not have any "
-        warnMsg += "match within the target URL page content, sqlmap "
-        warnMsg += "will keep going anyway"
+        warnMsg += "match within the target URL raw response, sqlmap "
+        warnMsg += "will carry on anyway"
        logger.warn(warnMsg)

    return True
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -11,6 +11,7 @@ import re

 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
+from lib.core.common import listToStrValue
 from lib.core.common import removeDynamicContent
 from lib.core.common import wasLastRequestDBMSError
 from lib.core.common import wasLastRequestHTTPError
@ -27,7 +28,7 @@ from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.threads import getCurrentThreadData

-def comparison(page, getRatioValue=False, pageLength=None):
+def comparison(page, headers, getRatioValue=False, pageLength=None):
    if page is None and pageLength is None:
        return None

@ -37,18 +38,17 @@ def comparison(page, getRatioValue=False, pageLength=None):
    seqMatcher.set_seq1(kb.pageTemplate)

    if any([conf.string, conf.regexp]):
-        if page:
+        rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
+
        # String to match in page when the query is valid
        if conf.string:
-                condition = conf.string in page
+            condition = conf.string in rawResponse
            return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)

        # Regular expression to match in page when the query is valid
        if conf.regexp:
-                condition = re.search(conf.regexp, page, re.I | re.M) is not None
+            condition = re.search(conf.regexp, rawResponse, re.I | re.M) is not None
            return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
-        else:
-            return None

    if page:
        # In case of an DBMS error page return None
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -643,8 +643,8 @@ class Connect:
        page = removeReflectiveValues(page, payload)

        if getRatioValue:
-            return comparison(page, getRatioValue=False, pageLength=pageLength), comparison(page, getRatioValue=True, pageLength=pageLength)
+            return comparison(page, headers, getRatioValue=False, pageLength=pageLength), comparison(page, headers, getRatioValue=True, pageLength=pageLength)
        elif pageLength or page:
-            return comparison(page, getRatioValue, pageLength)
+            return comparison(page, headers, getRatioValue, pageLength)
        else:
            return False
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@ -108,8 +108,8 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
    for count in range(lowerCount, upperCount+1):
        query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
        payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
-        page, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-        ratio = comparison(page, True) or MIN_RATIO
+        page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+        ratio = comparison(page, headers, True) or MIN_RATIO
        ratios.append(ratio)
        min_, max_ = min(min_, ratio), max(max_, ratio)
        items.append((count, ratio))