update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)

stamparm · stamparm · commit fa58a9c86bd7 · 2011-01-31T20:36:01.000Z
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -196,7 +196,7 @@ def start():
                 if conf.forms:
                     message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
                 else:
-                    message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl,  "(PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")
+                    message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl,  " (PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")
 
                 if conf.cookie:
                     message += "\nCookie: %s" % conf.cookie
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -217,3 +217,6 @@
 
 # Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
 URI_HTTP_HEADER = "URI"
+
+# Uri format which could be injectable (e.g. www.site.com/id82)
+URI_INJECTABLE_REGEX = r".*/([^\.*?]+)\Z"
diff --git a/lib/core/target.py b/lib/core/target.py
@@ -32,6 +32,7 @@
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
 from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import URI_INJECTABLE_REGEX
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request
 
@@ -78,6 +79,9 @@ def __setRequestParams():
 
         conf.method = HTTPMETHOD.POST
 
+    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I):
+        conf.url = "%s*" % conf.url
+
     if "*" in conf.url:
         conf.parameters[PLACE.URI] = conf.url
         conf.paramDict[PLACE.URI] = {}
diff --git a/lib/utils/google.py b/lib/utils/google.py
@@ -22,6 +22,7 @@
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapGenericException
 from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import URI_INJECTABLE_REGEX
 from lib.request.basic import decodePage
 
 class Google:
@@ -59,8 +60,10 @@ def getTargetUrls(self):
         """
 
         for match in self.__matches:
-            if re.search("(.*?)\?(.+)", match, re.I):
+            if re.search(r"(.*?)\?(.+)", match, re.I):
                 kb.targetUrls.add(( htmlunescape(htmlunescape(match)), None, None, None ))
+            elif re.search(URI_INJECTABLE_REGEX, match, re.I):
+                kb.targetUrls.add(( htmlunescape(htmlunescape("%s" % match)), None, None, None ))
 
     def getCookie(self):
         """
