Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.

2025-12-06 12:41:30 +00:00 · 2010-06-29 21:07:23 +00:00
parent ea45d75f2d
commit 8576817a2b
5 changed files with 66 additions and 22 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import re

+from xml.etree import ElementTree as ET
+
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.convert import urlencode
@@ -33,7 +35,6 @@ from lib.core.data import queries
 from lib.core.data import temp
 from lib.core.exception import sqlmapNoneDataException

-
 class Agent:
    """
    This class defines the SQL agent methods.
@@ -82,16 +83,36 @@ class Agent:
            paramString = conf.parameters[kb.injPlace]
            paramDict = conf.paramDict[kb.injPlace]
            value = paramDict[kb.injParameter]
-            retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
-                                           "%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
+
+            if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
+                root = ET.XML(paramString)
+                iterator = root.getiterator(kb.injParameter)
+
+                for child in iterator:
+                    child.text = "%s%s" % (negValue, value + falseValue + newValue)
+
+                retValue = ET.tostring(root)
+            else:
+                retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
+                                               "%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))

        # Before identifing the injectable parameter
        elif parameter == "User-Agent":
            retValue = value.replace(value, newValue)
        else:
            paramString = conf.parameters[place]
-            retValue = paramString.replace("%s=%s" % (parameter, value),
-                                           "%s=%s" % (parameter, newValue))
+
+            if "POSTxml" in conf.paramDict and place == "POST":
+                root = ET.XML(paramString)
+                iterator = root.getiterator(parameter)
+
+                for child in iterator:
+                    child.text = newValue
+
+                retValue = ET.tostring(root)
+            else:
+                retValue = paramString.replace("%s=%s" % (parameter, value),
+                                               "%s=%s" % (parameter, newValue))

        return retValue