Implementation for an Issue #4

stamparm · stamparm · commit efa99c451901 · 2012-07-26T14:07:05.000+02:00
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -88,7 +88,8 @@
                                "timeSec":           "integer",
                                "uCols":             "string",
                                "uChar":             "string",
-                               "dnsName":           "string"
+                               "dnsName":           "string",
+                               "secondOrder":       "string"
                              },
 
             "Fingerprint":   {
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -288,6 +288,10 @@ def cmdLineParser():
         techniques.add_option("--dns-domain", dest="dnsName",
                               help="Domain name used for DNS exfiltration attack")
 
+        techniques.add_option("--second-order", dest="secondOrder",
+                             help="Resulting page url searched for second-order "
+                                  "response")
+
         # Fingerprint options
         fingerprint = OptionGroup(parser, "Fingerprint")
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -192,7 +192,7 @@ def getPage(**kwargs):
         code = None
         page = None
         requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post else HTTPMETHOD.GET))
-        requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
+        requestMsg += ("%s" % urlparse.urlsplit(url)[2] or "/") if not any((refreshing, crawling)) else url
         responseMsg = u"HTTP response "
         requestHeaders = u""
         responseHeaders = None
@@ -236,7 +236,7 @@ def getPage(**kwargs):
 
                 return page
 
-            elif any ([refreshing, crawling]):
+            elif any ((refreshing, crawling)):
                 pass
 
             elif target:
@@ -731,6 +731,9 @@ def _randomizeParameter(paramString, randomParameter):
         if not pageLength:
             page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
 
+        if conf.secondOrder:
+            page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
+
         threadData.lastQueryDuration = calculateDeltaSeconds(start)
 
         kb.originalCode = kb.originalCode or code
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -310,6 +310,10 @@ uChar =
 # Valid: string
 dnsName =
 
+# Resulting page url searched for second-order response
+# Valid: string
+secondOrder =
+
 
 [Fingerprint]
 
