Projects STRLCPY ghauri Commits dd18811f
  • ■ ■ ■ ■ ■
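--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -109,9 +109,10 @@
 
  def __body(self):
  content_type = self.content_type
+ body = self.rfile.read().decode("utf-8").strip()
  if content_type and "multipart/form-data" in content_type:
  self.is_multipart = True
- return self.rfile.read().decode("utf-8").strip()
+ return body
  if content_type and content_type in [
  "application/x-www-form-urlencoded",
  "application/x-www-form-urlencoded; charset=UTF-8",
@@ -119,7 +120,7 @@
  "application/json; charset=UTF-8",
  "application/json;charset=UTF-8",
  ]:
- return self.rfile.read().decode("utf-8").strip()
+ return body
 
  @property
  def type(self):
@@ -1246,6 +1247,11 @@
  if injection_type in ["GET", "POST", "COOKIE"]:
  if injection_type == "POST" and is_json:
  _ = re.search(REGEX_JSON_INJECTION, text)
+ REGEX_JSON_KEY_VALUE = (
+ r"(?is)(?:(?P<key>(['\"]%s['\"]))(:)\s*(?P<value>(['\"\[]*)(%s)(['\"\]]*))(?:,)?)"
+ % (key, value)
+ )
+ mkv = re.search(REGEX_JSON_KEY_VALUE, text)
  if _ and "*" in _.group(4).strip():
  value = re.sub(r"\*", "", _.group(4).strip())
  if len(value) > 0:
@@ -1262,9 +1268,20 @@
  text,
  )
  else:
+ # ugly hack for JSON based int values to convert them into string for adding a payload properly
+ v_ = "\\4%s\\5"
+ try:
+ if mkv:
+ v = mkv.group("value")
+ _mobj = re.search(r"^\d+$", v)
+ if _mobj:
+ v_ = '"\\4%s"\\5'
+ except:
+ pass
+ v_ = v_ % (payload.replace('"', '\\"'))
  prepared_payload = re.sub(
  REGEX_JSON_INJECTION,
- "\\1\\2\\3\\4%s\\5" % (payload.replace('"', '\\"')),
+ "\\1\\2\\3%s" % (v_),
  text,
  )
  if replace_value:
@@ -1468,9 +1485,9 @@
  conf._json_post_data.append(
  {"key": key, "value": i, "type": "JSON "}
  )
- elif isinstance(value, str):
+ elif isinstance(value, (str, int)):
  conf._json_post_data.append(
- {"key": key, "value": value, "type": "JSON "}
+ {"key": key, "value": "{}".format(value), "type": "JSON "}
  )
  # logger.debug(conf._json_post_data)
  return conf._json_post_data
@@ -1729,6 +1746,7 @@
  raw = f"{request_type} {path} HTTP/1.1\n"
  raw += f"{custom_headers if custom_headers else ''}\n"
  if data:
+ data = re.sub(r"[\n]+", "", data)
  raw += f"\n{data}\n"
  header = {}
  headers = custom_headers.split("\n")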
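Review bot: `key` and `value` are interpolated into `REGEX_JSON_KEY_VALUE` (new lines 1250-1253) without `re.escape`, so a JSON key or value containing regex metacharacters such as `(`, `[` or `+` either changes what the pattern matches or makes `re.search` raise `re.error`. That `re.search` call at new line 1254 sits outside the `try` added further down, so such an error would propagate out of the function; assuming both operands are plain strings, `% (re.escape(key), re.escape(value))` keeps the lookup literal. The `try` / bare `except: pass` at new lines 1273-1280 wraps code that, as far as the hunk shows, cannot raise, and a bare `except` also swallows `KeyboardInterrupt`, so it should be removed or narrowed to a named exception. The `^\d+$` test only recognises non-negative integers, so negative numbers, floats, `true`/`false` and `null` presumably still take the unquoted path; a comment stating that limitation would help. The enclosing function starts and ends outside the visible hunks.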
  • ■ ■ ■ ■ ■ ■
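--- a/ghauri/core/tests.py
+++ b/ghauri/core/tests.py
@@ -1615,6 +1615,8 @@
  injection_type=injection_type,
  encode=False,
  )
+ if is_json:
+ _data = re.sub(r"[\n]+", "", _data)
  if injection_type == "GET":
  _url = prepare_attack_request(
  text=url,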
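Review bot: The newline stripping at new lines 1618-1619 is guarded by `is_json`, but the matching `re.sub(r"[\n]+", "", data)` added in ghauri/common/utils.py (new line 1749) runs for every non-empty body, so the two call sites disagree on when a body is flattened. If only JSON bodies are meant to be collapsed, the utils.py site needs the same guard, because a multipart or other line-structured body would otherwise lose its line breaks there. Neither site says why the newlines are removed; a one-line comment (presumably that pretty-printed JSON must sit on one line for the injection regex to match) would make the intent checkable. `_data.replace("\n", "")` is equivalent and avoids the regex. The enclosing function starts and ends outside the hunk.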
  • ■ ■ ■ ■ ■
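--- a/ghauri/ghauri.py
+++ b/ghauri/ghauri.py
@@ -32,6 +32,7 @@
 from ghauri.core.tests import basic_check, check_injections
 from ghauri.common.lib import (
  os,
+ re,
  ssl,
  json,
  quote,
@@ -146,7 +147,10 @@
  logger.end("ending")
  exit(0)
  logger.info(f"parsing HTTP request from '{requestfile}'")
- raw = "\n".join([i.strip() for i in open(requestfile) if i])
+ # raw = "\n".join([i.strip() for i in open(requestfile) if i])
+ raw = "\n".join(
+ [re.sub(r"[^\x00-\x7F]+", " ", i.strip()) for i in open(requestfile) if i]
+ )
  if raw:
  req = HTTPRequest(raw)
  url = req.url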
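Review bot: The substitution `re.sub(r"[^\x00-\x7F]+", " ", i.strip())` at new lines 151-153 rewrites every non-ASCII run in the request file to a single space, so parameter values, cookies or JSON strings that legitimately carry UTF-8 are silently altered and the request under test is no longer the one that was captured. Logging a warning when a line is changed would at least make that visible. `open(requestfile)` is still called without an explicit `encoding` or a `with` block, so decoding depends on the platform default and can raise before the regex runs, and the handle is never closed explicitly; `with open(requestfile, encoding="utf-8", errors="replace") as fh:` addresses both. The commented-out previous statement at new line 150 can be dropped, since version control already keeps it. The enclosing function starts and ends outside the hunk.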