mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-06 12:41:30 +00:00
Update for an Issue #431
This commit is contained in:
Miroslav Stampar
@@ -311,13 +311,13 @@ def start():
|
||||
if conf.forms:
|
||||
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
|
||||
else:
|
||||
message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
|
||||
message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
|
||||
|
||||
if conf.cookie:
|
||||
message += "\nCookie: %s" % conf.cookie
|
||||
|
||||
if conf.data is not None:
|
||||
message += "\nPOST data: %s" % urlencode(conf.data) if conf.data else ""
|
||||
message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
|
||||
|
||||
if conf.forms:
|
||||
if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
|
||||
@@ -327,13 +327,13 @@ def start():
|
||||
test = readInput(message, default="Y")
|
||||
|
||||
if not test or test[0] in ("y", "Y"):
|
||||
if conf.method == HTTPMETHOD.POST:
|
||||
message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
|
||||
if conf.method != HTTPMETHOD.GET:
|
||||
message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
|
||||
conf.data = readInput(message, default=conf.data)
|
||||
conf.data = _randomFillBlankFields(conf.data)
|
||||
conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
|
||||
|
||||
elif conf.method == HTTPMETHOD.GET:
|
||||
else:
|
||||
if targetUrl.find("?") > -1:
|
||||
firstPart = targetUrl[:targetUrl.find("?")]
|
||||
secondPart = targetUrl[targetUrl.find("?") + 1:]
|
||||
@@ -428,6 +428,8 @@ def start():
|
||||
|
||||
paramDict = conf.paramDict[place]
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
for parameter, value in paramDict.items():
|
||||
if not proceed:
|
||||
break
|
||||
@@ -439,7 +441,7 @@ def start():
|
||||
if paramKey in kb.testedParams:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter in conf.testParameter:
|
||||
@@ -448,13 +450,13 @@ def start():
|
||||
elif parameter == conf.rParam:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter in conf.skip:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter == conf.csrfToken:
|
||||
@@ -467,18 +469,18 @@ def start():
|
||||
elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
|
||||
check = checkDynParam(place, parameter, value)
|
||||
|
||||
if not check:
|
||||
warnMsg = "%s parameter '%s' does not appear dynamic" % (place, parameter)
|
||||
warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
else:
|
||||
infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||
infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.testedParams.add(paramKey)
|
||||
@@ -488,11 +490,11 @@ def start():
|
||||
|
||||
if check != HEURISTIC_TEST.POSITIVE:
|
||||
if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
|
||||
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
continue
|
||||
|
||||
infoMsg = "testing for SQL injection on %s " % place
|
||||
infoMsg = "testing for SQL injection on %s " % paramType
|
||||
infoMsg += "parameter '%s'" % parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
@@ -515,7 +517,7 @@ def start():
|
||||
paramKey = (conf.hostname, conf.path, None, None)
|
||||
kb.testedParams.add(paramKey)
|
||||
else:
|
||||
warnMsg = "%s parameter '%s' is not " % (place, parameter)
|
||||
warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
|
||||
warnMsg += "injectable"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user