hub / github.com/sqlmapproject/sqlmap / do_REQUEST

Method do_REQUEST

extra/vulnserver/vulnserver.py:94–199  ·  view source on GitHub ↗
(self)


92
93class ReqHandler(BaseHTTPRequestHandler):
94 def do_REQUEST(self):
95 path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
96 params = {}
97
98 if query:
99 params.update(parse_qs(query))
100
101 if "<script>" in unquote_plus(query):
102 self.send_response(INTERNAL_SERVER_ERROR)
103 self.send_header("X-Powered-By", "Express")
104 self.send_header("Connection", "close")
105 self.end_headers()
106 self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode(UNICODE_ENCODING))
107 return
108
109 if hasattr(self, "data"):
110 if self.data.startswith('{') and self.data.endswith('}'):
111 params.update(json.loads(self.data))
112 elif self.data.startswith('<') and self.data.endswith('>'):
113 params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"').replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
114 else:
115 self.data = self.data.replace(';', '&') # Note: seems that Python3 started ignoring parameter splitting with ';'
116 params.update(parse_qs(self.data))
117
118 for name in self.headers:
119 params[name.lower()] = self.headers[name]
120
121 if "cookie" in params:
122 for part in params["cookie"].split(';'):
123 part = part.strip()
124 if '=' in part:
125 name, value = part.split('=', 1)
126 params[name.strip()] = unquote_plus(value.strip())
127
128 for key in params:
129 if params[key] and isinstance(params[key], (tuple, list)):
130 params[key] = params[key][-1]
131
132 self.url, self.params = path, params
133
134 if self.url == '/':
135 if not any(_ in self.params for _ in ("id", "query")):
136 self.send_response(OK)
137 self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
138 self.send_header("Connection", "close")
139 self.end_headers()
140 self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>")
141 else:
142 code, output = OK, ""
143
144 try:
145 if self.params.get("echo", ""):
146 output += "%s<br>" % self.params["echo"]
147
148 if self.params.get("reflect", ""):
149 output += "%s<br>" % self.params.get("id")
150
151 with _lock:

Callers 3

do_GETMethod · 0.95
do_HEADMethod · 0.95
do_POSTMethod · 0.95

Calls 8

decodeMethod · 0.80
updateMethod · 0.45
writeMethod · 0.45
replaceMethod · 0.45
getMethod · 0.45
executeMethod · 0.45
fetchallMethod · 0.45
searchMethod · 0.45

Tested by

no test coverage detected