Update and patch for an Issue sqlmapproject#2

bf30075 · Nov 17, 2014 · 1ac5c8a · 1ac5c8a
1 parent 733e06e
commit 1ac5c8a
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 7 deletions.
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -460,7 +460,7 @@ def start():
                         elif parameter == conf.csrfToken:
                             testSqlInj = False
 
-                            infoMsg = "skipping CSRF protection token parameter '%s'" % parameter
+                            infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
                             logger.info(infoMsg)
 
                         # Ignore session-like parameters for --level < 4

diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -52,6 +52,8 @@
                                "safUrl":            "string",
                                "saFreq":            "integer",
                                "skipUrlEncode":     "boolean",
+                               "csrfToken":         "string",
+                               "csrfUrl":           "string",
                                "forceSSL":          "boolean",
                                "hpp":               "boolean",
                                "evalCode":          "string",

diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -606,7 +606,7 @@
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
-# Infixes used for automatic recognition of parameters carrying CSRF protection tokens
+# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
 CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
 
 # Prefixes used in brute force search for web server document root

diff --git a/lib/core/target.py b/lib/core/target.py
@@ -348,14 +348,14 @@ def process(match, repl):
 
     if conf.csrfToken:
         if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}):
-            errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
+            errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken
             errMsg += "found in provided GET, POST, Cookie or header values"
             raise SqlmapGenericException(errMsg)
     else:
         for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
             for parameter in conf.paramDict.get(place, {}):
                 if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
-                    message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
+                    message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
                     message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
                     test = readInput(message, default="N")
                     if test and test[0] in ("y", "Y"):

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -191,10 +191,10 @@ def cmdLineParser():
                            help="Skip URL encoding of payload data")
 
         request.add_option("--csrf-token", dest="csrfToken",
-                           help="Parameter used to hold CSRF protection token")
+                           help="Parameter used to hold anti-CSRF token")
 
         request.add_option("--csrf-url", dest="csrfUrl",
-                           help="URL address to visit to extract CSRF protection token")
+                           help="URL address to visit to extract anti-CSRF token")
 
         request.add_option("--force-ssl", dest="forceSSL",
                            action="store_true",

diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -787,7 +787,7 @@ def _adjustParameter(paramString, parameter, newValue):
                             break
 
                 if not token:
-                    errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
+                    errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
                     if not conf.csrfUrl:
                         errMsg += ". You can try to rerun by providing "
                         errMsg += "a valid value for option '--csrf-url'"

diff --git a/sqlmap.conf b/sqlmap.conf
@@ -158,6 +158,12 @@ saFreq = 0
 # Valid: True or False
 skipUrlEncode = False
 
+# Parameter used to hold anti-CSRF token
+csrfToken = 
+
+# URL address to visit to extract anti-CSRF token
+csrfUrl = 
+
 # Force usage of SSL/HTTPS
 # Valid: True or False
 forceSSL = False