mirror of
https://github.com/sqlmapproject/sqlmap
synced 2026-02-15 11:53:33 +01:00
Make XML/HTML encoding in SOAP requests optional (#6015)
Co-authored-by: soffensive <soffensive>
parent
2b6115c70c
commit
9312d26da8
4 changed files with 9 additions and 1 deletions
|
|
@ -63,6 +63,7 @@ optDict = {
|
|||
"safeReqFile": "string",
|
||||
"safeFreq": "integer",
|
||||
"skipUrlEncode": "boolean",
|
||||
"skipXmlEncode": "boolean",
|
||||
"csrfToken": "string",
|
||||
"csrfUrl": "string",
|
||||
"csrfMethod": "string",
|
||||
|
|
|
|||
|
|
@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
|
|||
request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true",
|
||||
help="Skip URL encoding of payload data")
|
||||
|
||||
request.add_argument("--skip-xml-encode", dest="skipXmlEncode", action="store_true",
|
||||
help="Skip HTML encoding of payload data for SOAP/XML")
|
||||
|
||||
request.add_argument("--csrf-token", dest="csrfToken",
|
||||
help="Parameter used to hold anti-CSRF token")
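Review bot: The help string for `--skip-xml-encode` says "HTML encoding" while the option name and `dest="skipXmlEncode"` say XML, which leaves users guessing what is actually skipped. Going by the comment in the `Connect` hunk, what is skipped is the replacement of characters such as `<` and `>` with their encoded counterparts in SOAP/XML bodies, so I would word it `help="Skip XML entity encoding of payload data in SOAP/XML bodies"`. The config-file comment `# Skip HTML encoding of payload data for SOAP/XML.` uses the same wording and should change with it. `cmdLineParser` starts and ends outside the hunk.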
|
||||
|
||||
|
|
|
|||
|
|
@ -1116,7 +1116,7 @@ class Connect(object):
|
|||
logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\'))
|
||||
|
||||
if place == PLACE.CUSTOM_POST and kb.postHint:
|
||||
if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
|
||||
if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML) and not conf.skipXmlEncode:
|
||||
# payloads in SOAP/XML should have chars > and < replaced
|
||||
# with their HTML encoded counterparts
|
||||
payload = payload.replace("&#", SAFE_HEX_MARKER)
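Review bot: The new test `if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML) and not conf.skipXmlEncode:` folds the option into the branch condition, so a SOAP/XML body with the option set no longer matches this branch and is evaluated against whatever `elif`/`else` branches follow. Those branches lie outside the hunk, so confirm none of them can apply to such a body; nesting the option check inside the original `if` would rule that out. The two comment lines beneath still read as unconditional, and I would extend them with `# unless --skip-xml-encode is set; the payload is then inserted as-is and may break XML well-formedness`. The enclosing method of `Connect` starts and ends outside the hunk.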
|
||||
|
|
|
|||
|
|
@ -198,6 +198,10 @@ safeFreq = 0
|
|||
# Valid: True or False
|
||||
skipUrlEncode = False
|
||||
|
||||
# Skip HTML encoding of payload data for SOAP/XML.
|
||||
# Valid: True or False
|
||||
skipXmlEncode = False
|
||||
|
||||
# Parameter used to hold anti-CSRF token.
|
||||
csrfToken =
|
||||
|
||||
|
|
|
|||