3 changes: 3 additions & 0 deletions lib/core/settings.py
Expand Up @@ -611,6 +611,9 @@
# Timeout in seconds in which Metasploit remote session has to be initialized
METASPLOIT_SESSION_TIMEOUT = 300

# Replacement for non-ALNUM chars in variables
EVALCODE_NONALNUM_REP = "_%s_" # %s to be changed for hex(ord(char))

# Suffix used to mark variables having keyword names
EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
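Review bot: The comment on `EVALCODE_NONALNUM_REP` should state that the template is a round-trip contract, not just a replacement: `%s` receives `hex(ord(char))`, and lib/request/connect.py rebuilds a regex from this same template (hard-coding the `0x` prefix and the hex-digit run) to decode names back, so the two must change together. Suggested wording: `# Template for encoding non-ALNUM chars in evalCode variable names; %s receives hex(ord(char)) and lib/request/connect.py decodes it with a regex derived from this template - keep both in sync`. Whether `EVALCODE_KEYWORD_SUFFIX` below is new or pre-existing is not visible on this rendered view.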

29 changes: 25 additions & 4 deletions lib/request/connect.py
Expand Up @@ -82,6 +82,7 @@ class WebSocketException(Exception):
from lib.core.settings import DEFAULT_CONTENT_TYPE
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import EVALCODE_NONALNUM_REP
from lib.core.settings import EVALCODE_KEYWORD_SUFFIX
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
Expand Down Expand Up @@ -892,12 +893,25 @@ def _randomizeParameter(paramString, randomParameter):
variables = {"uri": uri}
originals = {}
keywords = keyword.kwlist
regex_nonalnum = '(%s)' % \
(EVALCODE_NONALNUM_REP % '0x([0-9a-f]{1,2})')

for item in filter(None, (get, post if not kb.postHint else None)):
for part in item.split(delimiter):
if '=' in part:
name, value = part.split('=', 1)
name = re.sub(r"[^\w]", "", name.strip())
# modify non-alnum delimiters already in name
for p in re.findall(regex_nonalnum, name):
b = EVALCODE_NONALNUM_REP % hex(ord(p[0][0]))
e = EVALCODE_NONALNUM_REP % hex(ord(p[0][-1]))
name = name.replace(
p[0], "%s%s%s" % (b, p[0][1:-1], e))
# modify non-alnum characters
name = "".join(
c if re.search(r"^\w$", c)
else EVALCODE_NONALNUM_REP % hex(ord(c))
for c in name)
# modify keywords
if name in keywords:
name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
Expand Down Expand Up @@ -934,10 +948,17 @@ def _randomizeParameter(paramString, randomParameter):
evaluateCode(conf.evalCode, variables)

for variable in variables.keys():
original = variable
value = variables[variable]
# restore non-alnum characters
for p in re.findall(regex_nonalnum, variable):
variable = variable.replace(p[0], chr(int(p[1], 16)))
# restore keywords
if variable.endswith(EVALCODE_KEYWORD_SUFFIX):
value = variables[variable]
del variables[variable]
variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value
variable = variable.replace(EVALCODE_KEYWORD_SUFFIX, "")
if variable != original:
del variables[original]
variables[variable] = value

uri = variables["uri"]
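Review bot: The keyword restore `variable = variable.replace(EVALCODE_KEYWORD_SUFFIX, "")` strips every occurrence of the suffix rather than only the trailing one, and the encode path in the earlier hunk appends the suffix only to keywords without protecting a non-keyword parameter whose name already ends in `_KEYWORD` (underscores pass through as `\w`), so such a name is silently renamed when written back; `variable = variable[:-len(EVALCODE_KEYWORD_SUFFIX)]` limits the damage to the trailing suffix, and the encode path would also need to mark those names. `regex_nonalnum` (built in the earlier hunk with `'0x([0-9a-f]{1,2})'`) accepts at most two hex digits, but `hex(ord(c))` on a Python 3 str yields more for code points above 0xff, so those characters are encoded on the way in and never decoded here; `'0x([0-9a-f]+)'` in that definition fixes the round trip. The loop also deletes and inserts keys while iterating `variables.keys()`, which raises `RuntimeError` on Python 3 as soon as one name was rewritten — it looks carried over from the replaced code, but `for variable in list(variables.keys()):` is the safe form. If `name = re.sub(r"[^\w]", "", name.strip())` in the earlier hunk is still on the new side (the rendered view does not show which side it belongs to), the per-character encoding after it is unreachable because every remaining character already matches `\w`. The enclosing function starts outside this hunk.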
