diff --git a/lib/core/agent.py b/lib/core/agent.py
index a2878b553..426d7f6ca 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -168,7 +168,7 @@ class Agent(object):
 retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
 elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
 _ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
- retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)))
+ retVal = "%s=%s" % (re.sub(r" \#\d\*\Z", "", parameter), paramString.replace(_, self.addPayloadDelimiters(newValue)))
 elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
 retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
 else:
diff --git a/lib/core/common.py b/lib/core/common.py
index 967c66365..63293d55c 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
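Review bot: The pattern in the added `re.sub(r" \#\d\*\Z", "", parameter)` matches a single digit only, while the lib/core/common.py hunk of this commit numbers its candidate keys with `len(candidates) + 1`, so from the tenth candidate on the ` #10*` suffix would stay in the parameter name written into `retVal`. Use `\d+` and derive the trailing character from the constant the key is built with, e.g. `re.sub(r" #\d+%s\Z" % re.escape(CUSTOM_INJECTION_MARK_CHAR), "", parameter)`. A one-line comment above it saying that the suffix is the candidate label added in `paramToDict` would explain why a parameter name is being rewritten here. The enclosing method starts and ends outside the hunk, and whether `re` is imported in agent.py is not visible.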
@@ -604,6 +604,44 @@ def paramToDict(place, parameters=None): for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"): match = re.search(regex, testableParameters[parameter]) if match: + try: + candidates = OrderedDict() + + def walk(head, current=None): + current = current or head + if isListLike(current): + for _ in current: + walk(head, _) + elif isinstance(current, dict): + for key in current.keys(): + value = current[key] + if isinstance(value, (list, tuple, set, dict)): + walk(head, value) + elif isinstance(value, (bool, int, float, basestring)): + original = current[key] + if isinstance(value, bool): + current[key] = "%s%s" % (str(value).lower(), BOUNDED_INJECTION_MARKER) + else: + current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER) + candidates["%s #%d%s" % (parameter, len(candidates) + 1, CUSTOM_INJECTION_MARK_CHAR)] = json.dumps(deserialized) + current[key] = original + + deserialized = json.loads(testableParameters[parameter]) + walk(deserialized) + + if candidates: + message = "it appears that provided value for %s parameter '%s' " % (place, parameter) + message += "is JSON deserializable. Do you want to inject inside? [y/N] " + test = readInput(message, default="N") + if test[0] in ("y", "Y"): + del testableParameters[parameter] + testableParameters.update(candidates) + break + except (KeyboardInterrupt, SqlmapUserQuitException): + raise + except Exception: + pass + _ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter]) message = "it appears that provided value for %s parameter '%s' " % (place, parameter) message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _ diff --git a/lib/core/settings.py b/lib/core/settings.py index 53493ed1b..88c1c83be 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
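Review bot: In the nested `walk`, `current = current or head` restarts from the root whenever the value passed in is falsy, so an empty nested list or dict, or a `0`, `""`, `false` or `null` element of a list, makes it recurse on `head` until the recursion limit is hit. The blanket `except Exception: pass` then hides that error and the JSON prompt is silently skipped for such bodies. Replace the default handling with `if current is None: current = head`, recurse from the list loop only into containers (`if isinstance(_, (list, tuple, set, dict)): walk(head, _)`), and log the swallowed exception at debug level instead of `pass`. A short docstring on `walk` should state that it marks scalar dict values one at a time and restores each afterwards; scalar list elements are not marked. `paramToDict` starts and ends outside the hunk.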
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (...)
-VERSION = "1.0.5.33"
+VERSION = "1.0.5.34"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")