| skipped 108 lines |
109 | 109 | | |
110 | 110 | | def __body(self): |
111 | 111 | | content_type = self.content_type |
| 112 | + | body = self.rfile.read().decode("utf-8").strip() |
112 | 113 | | if content_type and "multipart/form-data" in content_type: |
113 | 114 | | self.is_multipart = True |
114 | | - | return self.rfile.read().decode("utf-8").strip() |
| 115 | + | return body |
115 | 116 | | if content_type and content_type in [ |
116 | 117 | | "application/x-www-form-urlencoded", |
117 | 118 | | "application/x-www-form-urlencoded; charset=UTF-8", |
| skipped 1 lines |
119 | 120 | | "application/json; charset=UTF-8", |
120 | 121 | | "application/json;charset=UTF-8", |
121 | 122 | | ]: |
122 | | - | return self.rfile.read().decode("utf-8").strip() |
| 123 | + | return body |
123 | 124 | | |
124 | 125 | | @property |
125 | 126 | | def type(self): |
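Review bot: The body is now decoded before the content type is inspected (`body = self.rfile.read().decode("utf-8").strip()`), so a request whose body is not valid UTF-8 — a binary upload under a content type this method otherwise ignores — raises UnicodeDecodeError where the old code never touched the body. Reading once is the right idea; keep the single read as bytes, `raw = self.rfile.read()`, and decode only in the two returning branches, `return raw.decode("utf-8").strip()`, or decide explicitly what a non-UTF-8 body should yield (e.g. `errors="replace"`) and say so in a comment. Note that `read()` with no length reads to end of stream; if rfile is socket-backed that blocks until the peer closes, which this method relied on before the change as well.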
| skipped 1120 lines |
1246 | 1247 | | if injection_type in ["GET", "POST", "COOKIE"]: |
1247 | 1248 | | if injection_type == "POST" and is_json: |
1248 | 1249 | | _ = re.search(REGEX_JSON_INJECTION, text) |
| 1250 | + | REGEX_JSON_KEY_VALUE = ( |
| 1251 | + | r"(?is)(?:(?P<key>(['\"]%s['\"]))(:)\s*(?P<value>(['\"\[]*)(%s)(['\"\]]*))(?:,)?)" |
| 1252 | + | % (key, value) |
| 1253 | + | ) |
| 1254 | + | mkv = re.search(REGEX_JSON_KEY_VALUE, text) |
1249 | 1255 | | if _ and "*" in _.group(4).strip(): |
1250 | 1256 | | value = re.sub(r"\*", "", _.group(4).strip()) |
1251 | 1257 | | if len(value) > 0: |
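Review bot: `key` and `value` are interpolated into `REGEX_JSON_KEY_VALUE` at lines 1250-1253 without escaping, so a value containing a regex metacharacter (the `*` marker stripped a few lines later, or `(`, `[`, `.`, `+`) either matches the wrong text or makes `re.search(REGEX_JSON_KEY_VALUE, text)` raise `re.error` — that call sits outside the later try block. Build the pattern with `% (re.escape(key), re.escape(value))` so both parts are matched literally; the pre-existing `REGEX_JSON_INJECTION` used on the line above is presumably built the same way out of view and would want the same treatment. An uppercase constant-style name for a per-call local is also misleading; `json_kv_pattern` reads better. The enclosing function starts before this hunk.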
| skipped 10 lines |
1262 | 1268 | | text, |
1263 | 1269 | | ) |
1264 | 1270 | | else: |
| 1271 | + | # ugly hack for JSON based int values to convert them into string for adding a payload properly |
| 1272 | + | v_ = "\\4%s\\5" |
| 1273 | + | try: |
| 1274 | + | if mkv: |
| 1275 | + | v = mkv.group("value") |
| 1276 | + | _mobj = re.search(r"^\d+$", v) |
| 1277 | + | if _mobj: |
| 1278 | + | v_ = '"\\4%s"\\5' |
| 1279 | + | except: |
| 1280 | + | pass |
| 1281 | + | v_ = v_ % (payload.replace('"', '\\"')) |
1265 | 1282 | | prepared_payload = re.sub( |
1266 | 1283 | | REGEX_JSON_INJECTION, |
1267 | | - | "\\1\\2\\3\\4%s\\5" % (payload.replace('"', '\\"')), |
| 1284 | + | "\\1\\2\\3%s" % (v_), |
1268 | 1285 | | text, |
1269 | 1286 | | ) |
1270 | 1287 | | if replace_value: |
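Review bot: The `try`/`except: pass` at lines 1273-1280 wraps code that cannot raise — `mkv` is checked before `.group("value")` and `re.search(r"^\d+$", v)` on a string does not fail — so the bare except only hides a future bug; drop the try and keep the four lines inside it. Separately, the quoting hack recognises only non-negative integers: a bare JSON `-1`, `1.5`, `true`, `false` or `null` still gets the payload spliced in unquoted, which produces an invalid JSON body; if those literals are meant to be handled, widen the test, e.g. `re.fullmatch(r"-?\d+(?:\.\d+)?|true|false|null", v)`. The `# ugly hack` comment should say what the hack does rather than apologise for it, e.g. `# a bare JSON number must be re-quoted so the appended payload stays inside a string literal`. The enclosing function starts and ends outside this hunk.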
| skipped 197 lines |
1468 | 1485 | | conf._json_post_data.append( |
1469 | 1486 | | {"key": key, "value": i, "type": "JSON "} |
1470 | 1487 | | ) |
1471 | | - | elif isinstance(value, str): |
| 1488 | + | elif isinstance(value, (str, int)): |
1472 | 1489 | | conf._json_post_data.append( |
1473 | | - | {"key": key, "value": value, "type": "JSON "} |
| 1490 | + | {"key": key, "value": "{}".format(value), "type": "JSON "} |
1474 | 1491 | | ) |
1475 | 1492 | | # logger.debug(conf._json_post_data) |
1476 | 1493 | | return conf._json_post_data |
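Review bot: `isinstance(value, (str, int))` on line 1488 also admits `bool`, since `bool` subclasses `int`, and `"{}".format(True)` yields `True` while the JSON text spells it `true`, so such a value is collected but can never be matched back against the body. Either exclude it, `elif isinstance(value, (str, int)) and not isinstance(value, bool):`, or serialise non-strings with `json.dumps(value)` (if `json` is in scope here) so ints, bools and floats all take their JSON spelling. Float values are still silently skipped by this branch, which may be intended but deserves a comment. The enclosing function starts before this hunk.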
| skipped 252 lines |
1729 | 1746 | | raw = f"{request_type} {path} HTTP/1.1\n" |
1730 | 1747 | | raw += f"{custom_headers if custom_headers else ''}\n" |
1731 | 1748 | | if data: |
| 1749 | + | data = re.sub(r"[\n]+", "", data) |
1732 | 1750 | | raw += f"\n{data}\n" |
1733 | 1751 | | header = {} |
1734 | 1752 | | headers = custom_headers.split("\n") |
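Review bot: `data = re.sub(r"[\n]+", "", data)` on line 1749 deletes every newline inside the body, not just trailing ones, which corrupts any multipart/form-data body (the boundary lines are newline-delimited) and leaves a bare `\r` behind wherever the body used `\r\n`. If the intent is only to avoid an extra blank line before the body, `data = data.strip("\r\n")` does that without touching the interior; if the intent is to compact JSON, apply it only when the content type is JSON. The enclosing function starts and ends outside this hunk.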
| skipped 385 lines |