Initial support for #25 (and #1387)

stamparm · stamparm · commit 3127d5bf5430 · 2019-04-17T14:22:36.000+02:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
 
+import base64
 import re
 
 from lib.core.common import Backend
@@ -164,6 +165,11 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 
         newValue = self.cleanupPayload(newValue, origValue)
 
+        if re.sub(r" \(.+", "", parameter) in conf.base64Parameter:
+            # TODO: support for POST_HINT
+            newValue = base64.b64encode(newValue)
+            origValue = base64.b64encode(origValue)
+
         if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
             _ = "%s%s" % (origValue, kb.customInjectionMark)
             if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -603,7 +603,20 @@ def paramToDict(place, parameters=None):
             condition |= place == PLACE.COOKIE and len(intersect((PLACE.COOKIE,), conf.testParameter, True)) > 0
 
             if condition:
-                testableParameters[parameter] = "=".join(parts[1:])
+                value = "=".join(parts[1:])
+
+                if parameter in (conf.base64Parameter or []):
+                    try:
+                        oldValue = value
+                        value = value.decode("base64")
+                        parameters = re.sub(r"\b%s\b" % re.escape(oldValue), value, parameters)
+                    except:
+                        errMsg = "parameter '%s' does not contain " % parameter
+                        errMsg += "valid Base64 encoded value ('%s')" % value
+                        raise SqlmapValueException(errMsg)
+
+                testableParameters[parameter] = value
+
                 if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):
                     _ = urldecode(testableParameters[parameter], convall=True)
                     if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1613,6 +1613,13 @@ def _cleanupOptions():
     else:
         conf.testParameter = []
 
+    if conf.base64Parameter:
+        conf.base64Parameter = urldecode(conf.base64Parameter)
+        conf.base64Parameter = conf.base64Parameter.replace(" ", "")
+        conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, conf.base64Parameter)
+    else:
+        conf.base64Parameter = []
+
     if conf.agent:
         conf.agent = re.sub(r"[\r\n]", "", conf.agent)
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -17,7 +17,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.4.13"
+VERSION = "1.3.4.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -681,6 +681,10 @@ def cmdLineParser(argv=None):
                                  help="Simple wizard interface for beginner users")
 
         # Hidden and/or experimental options
+        parser.add_option("--base64", dest="base64Parameter",
+                          help=SUPPRESS_HELP)
+#                          help="Parameter(s) containing Base64 encoded values")
+
         parser.add_option("--crack", dest="hashFile",
                           help=SUPPRESS_HELP)
 #                          help="Load and crack hashes from a file (standalone)")
