Added --code switch to match in boolean-based tests against the HTTP response code

bdamele · bdamele · commit 702ed73a65b0 · 2011-08-12T16:48:11.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -898,15 +898,15 @@ def checkNullConnection():
     logger.info(infoMsg)
 
     try:
-        page, headers = Request.getPage(method=HTTPMETHOD.HEAD)
+        page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD)
 
         if not page and HTTPHEADER.CONTENT_LENGTH in headers:
             kb.nullConnection = NULLCONNECTION.HEAD
 
             infoMsg = "NULL connection is supported with HEAD header"
             logger.info(infoMsg)
         else:
-            page, headers = Request.getPage(auxHeaders={HTTPHEADER.RANGE: "bytes=-1"})
+            page, headers, _ = Request.getPage(auxHeaders={HTTPHEADER.RANGE: "bytes=-1"})
 
             if page and len(page) == 1 and HTTPHEADER.CONTENT_RANGE in headers:
                 kb.nullConnection = NULLCONNECTION.RANGE
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1330,6 +1330,9 @@ def __cleanupOptions():
     else:
         kb.adjustTimeDelay = False
 
+    if conf.code:
+        conf.code = int(conf.code)
+
 def __setConfAttributes():
     """
     This function set some needed attributes into the configuration
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -68,6 +68,7 @@
                                "risk":              "integer",
                                "string":            "string",
                                "regexp":            "string",
+                               "code":              "string",
                                "textOnly":          "boolean",
                                "titles":            "boolean"
                              },
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -200,13 +200,16 @@ def cmdLineParser():
                                   "default %d)" % defaults.level)
 
         detection.add_option("--string", dest="string",
-                             help="String to match in page when the "
+                             help="String to match in the response when "
                                   "query is valid")
 
         detection.add_option("--regexp", dest="regexp",
-                             help="Regexp to match in page when the "
+                             help="Regexp to match in the response when "
                                   "query is valid")
 
+        detection.add_option("--code", dest="code", type="int",
+                             help="HTTP response code to match when the query is valid")
+
         detection.add_option("--text-only", dest="textOnly",
                              action="store_true",
                              help="Compare pages based only on the textual content")
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
@@ -28,7 +28,7 @@
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.threads import getCurrentThreadData
 
-def comparison(page, headers, getRatioValue=False, pageLength=None):
+def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
     if page is None and pageLength is None:
         return None
 
@@ -50,6 +50,9 @@ def comparison(page, headers, getRatioValue=False, pageLength=None):
             condition = re.search(conf.regexp, rawResponse, re.I | re.M) is not None
             return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
 
+    if isinstance(code, int) and conf.code:
+        return code == conf.code
+
     if page:
         # In case of an DBMS error page return None
         if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -306,7 +306,7 @@ def getPage(**kwargs):
 
             # Return response object
             if response:
-                return conn, None
+                return conn, None, None
 
             # Get HTTP response
             page = conn.read()
@@ -369,7 +369,7 @@ def getPage(**kwargs):
                 warnMsg = "connection timed out while trying "
                 warnMsg += "to get error page information (%d)" % e.code
                 logger.warn(warnMsg)
-                return None, None
+                return None, None, None
             except:
                 pass
 
@@ -409,7 +409,7 @@ def getPage(**kwargs):
                     processResponse(page, responseHeaders)
             elif e.code == 504:
                 if ignoreTimeout:
-                    return None, None
+                    return None, None, None
                 else:
                     warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code])
                     if threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
@@ -418,14 +418,14 @@ def getPage(**kwargs):
                         return Connect.__retryProxy(**kwargs)
                     elif kb.testMode:
                         logger.critical(warnMsg)
-                        return None, None
+                        return None, None, None
                     else:
                         raise sqlmapConnectionException, warnMsg
             else:
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
                 processResponse(page, responseHeaders)
-                return page, responseHeaders
+                return page, responseHeaders, code
 
         except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead), e:
             tbMsg = traceback.format_exc()
@@ -454,16 +454,16 @@ def getPage(**kwargs):
 
             if "forcibly closed" in tbMsg:
                 logger.critical(warnMsg)
-                return None, None
+                return None, None, None
             elif silent or (ignoreTimeout and any(map(lambda x: x in tbMsg, ["timed out", "IncompleteRead"]))):
-                return None, None
+                return None, None, None
             elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
                 warnMsg += ", sqlmap is going to retry the request"
                 logger.critical(warnMsg)
                 return Connect.__retryProxy(**kwargs)
             elif kb.testMode:
                 logger.critical(warnMsg)
-                return None, None
+                return None, None, None
             else:
                 raise sqlmapConnectionException, warnMsg
 
@@ -485,7 +485,7 @@ def getPage(**kwargs):
 
         logger.log(7, responseMsg)
 
-        return page, responseHeaders
+        return page, responseHeaders, code
 
     @staticmethod
     def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None):
@@ -613,7 +613,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 
                 auxHeaders[HTTPHEADER.RANGE] = "bytes=-1"
 
-            _, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
+            _, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404)
 
             if headers:
                 if kb.nullConnection == NULLCONNECTION.HEAD and HTTPHEADER.CONTENT_LENGTH in headers:
@@ -622,7 +622,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
                     pageLength = int(headers[HTTPHEADER.CONTENT_RANGE][headers[HTTPHEADER.CONTENT_RANGE].find('/') + 1:])
 
         if not pageLength:
-            page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
+            page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
 
         threadData.lastQueryDuration = calculateDeltaSeconds(start)
 
@@ -643,8 +643,8 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
         page = removeReflectiveValues(page, payload)
 
         if getRatioValue:
-            return comparison(page, headers, getRatioValue=False, pageLength=pageLength), comparison(page, headers, getRatioValue=True, pageLength=pageLength)
+            return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength)
         elif pageLength or page:
-            return comparison(page, headers, getRatioValue, pageLength)
+            return comparison(page, headers, code, getRatioValue, pageLength)
         else:
             return False
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
@@ -62,7 +62,7 @@ def webBackdoorRunCmd(self, cmd):
             cmd = conf.osCmd
 
         cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd)
-        page, _ = Request.getPage(url=cmdUrl, direct=True, silent=True)
+        page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True)
 
         if page is not None:
             output = re.search("<pre>(.+?)</pre>", page, re.I | re.S)
@@ -237,7 +237,7 @@ def webInit(self):
                 self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
                 self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
 
-                uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
+                uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
 
                 if "sqlmap file uploader" not in uplPage:
                     if localPath not in warned:
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
@@ -109,7 +109,7 @@ def __orderByTest(cols):
         query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
         payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
         page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
-        ratio = comparison(page, headers, True) or MIN_RATIO
+        ratio = comparison(page, headers, getRatioValue=True) or MIN_RATIO
         ratios.append(ratio)
         min_, max_ = min(min_, ratio), max(max_, ratio)
         items.append((count, ratio))
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -204,19 +204,25 @@ level = 1
 # Default: 1
 risk = 1
 
-# String to match within the page content when the query is valid, only
+# String to match within the raw response when the query is valid, only
 # needed if the page content dynamically changes at each refresh.
 # Refer to the user's manual for further details.
 string = 
 
-# Regular expression to match within the page content when the query is
+# Regular expression to match within the raw response when the query is
 # valid, only needed if the needed if the page content dynamically changes
 # at each refresh.
 # Refer to the user's manual for further details.
 # Valid: regular expression with Python syntax
 # (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
 regexp = 
 
+# HTTP response code to match when the query is valid
+# Valid: True or False
+# Example: 200 (assuming any False statement returns a different response
+# code)
+code = 
+
 # Compare pages based only on the textual content
 # Valid: True or False
 textOnly = False
