Merge branch 'master' of github.com:sqlmapproject/sqlmap

2025-12-23 16:09:03 +00:00 · 2012-07-26 23:11:11 +01:00
parent d492291744 cba387a0a0
commit 92c2b3bd4c
13 changed files with 65 additions and 26 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -118,7 +118,7 @@ class Agent:
            retVal = ET.tostring(root)
        elif place in (PLACE.URI, PLACE.CUSTOM_POST):
            retVal = paramString.replace("%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
-        elif place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
+        elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
            retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
        else:
            retVal = paramString.replace("%s=%s" % (parameter, origValue),
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -255,7 +255,7 @@ class Format:
        if "technology" in info:
            infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")

-        return infoStr
+        return infoStr.lstrip()

 class Backend:
    # Set methods
@@ -2362,7 +2362,7 @@ def setOptimize():
    #conf.predictOutput = True
    conf.keepAlive = True
    conf.threads = 3 if conf.threads < 3 else conf.threads
-    conf.nullConnection = not any([conf.data, conf.textOnly, conf.titles, conf.string, conf.regexp, conf.tor])
+    conf.nullConnection = not any([conf.data, conf.textOnly, conf.titles, conf.string, conf.notString, conf.regexp, conf.tor])

    if not conf.nullConnection:
        debugMsg = "turning off --null-connection switch used indirectly by switch -o"
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -61,7 +61,7 @@ class PLACE:
    SOAP = "SOAP"
    URI = "URI"
    COOKIE = "Cookie"
-    UA = "User-Agent"
+    USER_AGENT = "User-Agent"
    REFERER = "Referer"
    HOST = "Host"
    CUSTOM_POST = "(custom) POST"
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1867,6 +1867,14 @@ def __basicOptionValidation():
        errMsg = "option '--string' is incompatible with switch '--null-connection'"
        raise sqlmapSyntaxException, errMsg

+    if conf.notString and conf.nullConnection:
+        errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
+        raise sqlmapSyntaxException, errMsg
+
+    if conf.string and conf.notString:
+        errMsg = "option '--string' is incompatible with switch '--not-string'"
+        raise sqlmapSyntaxException, errMsg
+
    if conf.regexp and conf.nullConnection:
        errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
        raise sqlmapSyntaxException, errMsg
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -76,6 +76,7 @@ optDict = {
                               "level":             "integer",
                               "risk":              "integer",
                               "string":            "string",
+                               "notString":         "notString",
                               "regexp":            "string",
                               "code":              "integer",
                               "textOnly":          "boolean",
@@ -87,7 +88,8 @@ optDict = {
                               "timeSec":           "integer",
                               "uCols":             "string",
                               "uChar":             "string",
-                               "dnsName":           "string"
+                               "dnsName":           "string",
+                               "secondOrder":       "string"
                             },

            "Fingerprint":   {
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -26,6 +26,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
 from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapFilePathException
@@ -158,16 +159,18 @@ def __setRequestParams():
            # Url encoding of the header values should be avoided
            # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value

-            if httpHeader == PLACE.UA:
-                conf.parameters[PLACE.UA] = urldecode(headerValue)
+            httpHeader = "-".join(_.capitalize() for _ in (httpHeader or "").split("-"))
+
+            if httpHeader == HTTPHEADER.USER_AGENT:
+                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)

                condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))

                if condition:
-                    conf.paramDict[PLACE.UA] = {PLACE.UA: headerValue}
+                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
                    testableParameters = True

-            elif httpHeader == PLACE.REFERER:
+            elif httpHeader == HTTPHEADER.REFERER:
                conf.parameters[PLACE.REFERER] = urldecode(headerValue)

                condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
@@ -176,7 +179,7 @@ def __setRequestParams():
                    conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
                    testableParameters = True

-            elif httpHeader == PLACE.HOST:
+            elif httpHeader == HTTPHEADER.HOST:
                conf.parameters[PLACE.HOST] = urldecode(headerValue)

                condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))