mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-12 03:23:27 +00:00
Fixes #5933
This commit is contained in:
parent
567e051215
commit
8bc0f4794c
3 changed files with 25 additions and 2 deletions
|
|
@ -20,7 +20,7 @@ from lib.core.enums import OS
|
|||
from thirdparty import six
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.10.7.76"
|
||||
VERSION = "1.10.7.77"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
|||
|
|
@ -214,6 +214,22 @@ def _setRequestParams():
|
|||
conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
|
||||
conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % kb.customInjectionMark), conf.data)
|
||||
|
||||
# Also expose XML attribute values (e.g. <item id="1">) as injection points, not just
|
||||
# element text (Reference: https://github.com/sqlmapproject/sqlmap/issues/5993). Done per
|
||||
# opening tag (skipping <?...?> declarations, <!...> and closing tags) so every attribute
|
||||
# is covered while the XML declaration/namespaces are left intact.
|
||||
def processAttributes(match):
|
||||
def _attr(m):
|
||||
name = m.group("name")
|
||||
if name == "xmlns" or name.startswith("xmlns:"): # namespace declarations are not injection points
|
||||
return m.group(0)
|
||||
if conf.testParameter and name not in (removePostHintPrefix(_) for _ in conf.testParameter):
|
||||
return m.group(0)
|
||||
hintNames.append(("%s%s%s" % (m.group(1), m.group(3), m.group(4)), name))
|
||||
return "%s%s%s%s%s" % (m.group(1), m.group(3), m.group(4), kb.customInjectionMark, m.group(5))
|
||||
return re.sub(r'(\s(?P<name>[\w:.-]+)\s*=\s*)(["\'])([^"\'<>]*)(["\'])', _attr, match.group(0))
|
||||
conf.data = re.sub(r"(?s)<[^>?!/][^>]*>", processAttributes, conf.data)
|
||||
|
||||
elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
|
||||
message = "Multipart-like data found in %s body. " % conf.method
|
||||
message += "Do you want to process it? [Y/n/q] "
|
||||
|
|
|
|||
|
|
@ -175,10 +175,17 @@ class TestXmlMarking(unittest.TestCase):
|
|||
|
||||
CASES = [
|
||||
("<a>x</a>", "<a>x*</a>"),
|
||||
('<a id="1">x</a>', '<a id="1">x*</a>'),
|
||||
# attribute values are now marked too, not just element text (issue #5993)
|
||||
('<a id="1">x</a>', '<a id="1*">x*</a>'),
|
||||
("<user><name>bob</name><id>5</id></user>", "<user><name>bob*</name><id>5*</id></user>"),
|
||||
("<ns:tag>v</ns:tag>", "<ns:tag>v*</ns:tag>"),
|
||||
("<soap:Body><q>1</q></soap:Body>", "<soap:Body><q>1*</q></soap:Body>"),
|
||||
# multiple attributes and single-quoted attribute values
|
||||
('<a id="1" role="x">y</a>', '<a id="1*" role="x*">y*</a>'),
|
||||
("<a id='1'>y</a>", "<a id='1*'>y*</a>"),
|
||||
# XML declaration and namespace declarations are left intact (not injection points)
|
||||
('<?xml version="1.0"?><a>y</a>', '<?xml version="1.0"?><a>y*</a>'),
|
||||
('<a xmlns="urn:x" id="1">y</a>', '<a xmlns="urn:x" id="1*">y*</a>'),
|
||||
]
|
||||
|
||||
def test_cases(self):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue