Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 00f190f

Browse files
stamparmstamparm
committed
Fixes #1303 
1 parent 49212ec commit 00f190f

3 files changed

Lines changed: 37 additions & 47 deletions

File tree

lib/controller/controller.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -430,6 +430,9 @@ def start():
430430
if skip:
431431
continue
432432

433+
if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
434+
continue
435+
433436
if place not in conf.paramDict:
434437
continue
435438

lib/core/option.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1864,6 +1864,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
18641864
kb.technique = None
18651865
kb.tempDir = None
18661866
kb.testMode = False
1867+
kb.testOnlyCustom = False
18671868
kb.testQueryCount = 0
18681869
kb.testType = None
18691870
kb.threadContinue = True

lib/core/target.py

Lines changed: 33 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,6 @@ def _setRequestParams():
8080
return
8181

8282
testableParameters = False
83-
skipHeaders = False
8483

8584
# Perform checks on GET parameters
8685
if conf.parameters.get(PLACE.GET):
@@ -125,16 +124,7 @@ def process(match, repl):
125124
kb.processUserMarks = not test or test[0] not in ("n", "N")
126125

127126
if kb.processUserMarks:
128-
skipHeaders = True
129-
130-
conf.parameters.clear()
131-
conf.paramDict.clear()
132-
133-
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
134-
warnMsg = "it seems that you've provided empty parameter value(s) "
135-
warnMsg += "for testing. Please, always use only valid parameter values "
136-
warnMsg += "so sqlmap could be able to run properly"
137-
logger.warn(warnMsg)
127+
kb.testOnlyCustom = True
138128

139129
if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
140130
if re.search(JSON_RECOGNITION_REGEX, conf.data):
@@ -249,10 +239,7 @@ def process(match, repl):
249239
kb.processUserMarks = not test or test[0] not in ("n", "N")
250240

251241
if kb.processUserMarks:
252-
skipHeaders = True
253-
254-
conf.parameters.clear()
255-
conf.paramDict.clear()
242+
kb.testOnlyCustom = True
256243

257244
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
258245
warnMsg = "it seems that you've provided empty parameter value(s) "
@@ -317,50 +304,49 @@ def process(match, repl):
317304
if conf.get(item):
318305
conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
319306

320-
if not skipHeaders:
321-
# Perform checks on Cookie parameters
322-
if conf.cookie:
323-
conf.parameters[PLACE.COOKIE] = conf.cookie
324-
paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
307+
# Perform checks on Cookie parameters
308+
if conf.cookie:
309+
conf.parameters[PLACE.COOKIE] = conf.cookie
310+
paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
325311

326-
if paramDict:
327-
conf.paramDict[PLACE.COOKIE] = paramDict
328-
testableParameters = True
312+
if paramDict:
313+
conf.paramDict[PLACE.COOKIE] = paramDict
314+
testableParameters = True
329315

330-
# Perform checks on header values
331-
if conf.httpHeaders:
332-
for httpHeader, headerValue in conf.httpHeaders:
333-
# Url encoding of the header values should be avoided
334-
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
316+
# Perform checks on header values
317+
if conf.httpHeaders:
318+
for httpHeader, headerValue in conf.httpHeaders:
319+
# Url encoding of the header values should be avoided
320+
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
335321

336-
httpHeader = httpHeader.title()
322+
httpHeader = httpHeader.title()
337323

338-
if httpHeader == HTTP_HEADER.USER_AGENT:
339-
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
324+
if httpHeader == HTTP_HEADER.USER_AGENT:
325+
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
340326

341-
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
327+
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
342328

343-
if condition:
344-
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
345-
testableParameters = True
329+
if condition:
330+
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
331+
testableParameters = True
346332

347-
elif httpHeader == HTTP_HEADER.REFERER:
348-
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
333+
elif httpHeader == HTTP_HEADER.REFERER:
334+
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
349335

350-
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
336+
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
351337

352-
if condition:
353-
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
354-
testableParameters = True
338+
if condition:
339+
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
340+
testableParameters = True
355341

356-
elif httpHeader == HTTP_HEADER.HOST:
357-
conf.parameters[PLACE.HOST] = urldecode(headerValue)
342+
elif httpHeader == HTTP_HEADER.HOST:
343+
conf.parameters[PLACE.HOST] = urldecode(headerValue)
358344

359-
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
345+
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
360346

361-
if condition:
362-
conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
363-
testableParameters = True
347+
if condition:
348+
conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
349+
testableParameters = True
364350

365351
if not conf.parameters:
366352
errMsg = "you did not provide any GET, POST and Cookie "

0 commit comments

Comments
 (0)