adding compatibility support for using --crawl and --forms together

2025-12-09 14:11:29 +00:00 · 2011-10-29 09:32:20 +00:00
parent ddc4dfe5ff
commit ef987c6954
4 changed files with 16 additions and 9 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3073,7 +3073,7 @@ def asciifyUrl(url, forceQuote=False):

 def findPageForms(content, url, raise_=False, addToTargets=False):
    class _(StringIO):
-        def __init__(self):
+        def __init__(self, content, url):
            StringIO.__init__(self, unicodeencode(content, kb.pageEncoding) if isinstance(content, unicode) else content)
            self._url = url
        def geturl(self):
@@ -3083,17 +3083,21 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
        errMsg = "can't parse forms as the page content appears to be blank"
        raise sqlmapGenericException, errMsg

+    forms = None
    retVal = set()
-    response = _()
+    response = _(content, url)
    try:
        forms = ParseResponse(response, backwards_compat=False)
    except ParseError:
        errMsg = "badly formed HTML at the target url. will try to filter it"
        logger.error(errMsg)
        response.seek(0)
-        filtered = _("".join(re.findall(r'<form.+?</form>', response.read(), re.I | re.S)), response.geturl())
+        filtered = re.findall(r'<form.+?</form>', response.read(), re.I | re.S)
+        for i in xrange(len(filtered)):
+            filtered[i] = filtered[i][filtered[i].lower().rfind("<form"):]
+        response = _("".join(filtered), response.geturl())
        try:
-            forms = ParseResponse(filtered, backwards_compat=False)
+            forms = ParseResponse(response, backwards_compat=False)
        except ParseError:
            errMsg = "no success"
            if raise_:
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -522,7 +522,7 @@ def __setBulkMultipleTargets():
    f.close()

 def __findPageForms():
-    if not conf.forms:
+    if not conf.forms or conf.crawlDepth:
        return

    if not checkConnection():
@@ -1796,10 +1796,6 @@ def __basicOptionValidation():
        errMsg = "switch --forms is compatible only with -u (--url) target switch"
        raise sqlmapSyntaxException, errMsg

-    if conf.forms and conf.crawlDepth:
-        errMsg = "switch --forms is currently not compatible with --crawl switch"
-        raise sqlmapSyntaxException, errMsg
-
    if conf.timeSec < 1:
        errMsg = "value for --time-sec option must be an integer greater than 0"
        raise sqlmapSyntaxException, errMsg