mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Fix for an Issue #648
This commit is contained in:
parent
276dab781b
commit
106102bd3c
|
@ -1210,8 +1210,6 @@ def checkConnection(suppressOutput=False):
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Request.queryPage(content=True, noteResponseTime=False) # dropping first page because it can be totally different than subsequent (e.g. WebGoat) before the Cookie is set up
|
|
||||||
|
|
||||||
page, _ = Request.queryPage(content=True, noteResponseTime=False)
|
page, _ = Request.queryPage(content=True, noteResponseTime=False)
|
||||||
kb.originalPage = kb.pageTemplate = page
|
kb.originalPage = kb.pageTemplate = page
|
||||||
|
|
||||||
|
|
|
@ -1672,6 +1672,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.permissionFlag = False
|
kb.permissionFlag = False
|
||||||
kb.postHint = None
|
kb.postHint = None
|
||||||
kb.postSpaceToPlus = False
|
kb.postSpaceToPlus = False
|
||||||
|
kb.postUrlEncode = True
|
||||||
kb.prependFlag = False
|
kb.prependFlag = False
|
||||||
kb.processResponseCounter = 0
|
kb.processResponseCounter = 0
|
||||||
kb.previousMethod = None
|
kb.previousMethod = None
|
||||||
|
|
|
@ -577,11 +577,15 @@ def initTargetEnv():
|
||||||
class _(unicode):
|
class _(unicode):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
original = conf.data
|
for key, value in conf.httpHeaders:
|
||||||
conf.data = _(urldecode(conf.data))
|
if key.upper() == HTTP_HEADER.CONTENT_TYPE.upper():
|
||||||
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
kb.postUrlEncode = "urlencoded" in value
|
||||||
|
break
|
||||||
kb.postSpaceToPlus = '+' in original
|
if kb.postUrlEncode:
|
||||||
|
original = conf.data
|
||||||
|
conf.data = _(urldecode(conf.data))
|
||||||
|
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
||||||
|
kb.postSpaceToPlus = '+' in original
|
||||||
|
|
||||||
def setupTargetEnv():
|
def setupTargetEnv():
|
||||||
_createTargetDirs()
|
_createTargetDirs()
|
||||||
|
|
|
@ -12,10 +12,9 @@ import re
|
||||||
import socket
|
import socket
|
||||||
import string
|
import string
|
||||||
import time
|
import time
|
||||||
|
import traceback
|
||||||
import urllib2
|
import urllib2
|
||||||
import urlparse
|
import urlparse
|
||||||
import time
|
|
||||||
import traceback
|
|
||||||
|
|
||||||
from extra.safe2bin.safe2bin import safecharencode
|
from extra.safe2bin.safe2bin import safecharencode
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
@ -616,7 +615,6 @@ class Connect(object):
|
||||||
pageLength = None
|
pageLength = None
|
||||||
uri = None
|
uri = None
|
||||||
code = None
|
code = None
|
||||||
urlEncodePost = None
|
|
||||||
|
|
||||||
if not place:
|
if not place:
|
||||||
place = kb.injection.place or PLACE.GET
|
place = kb.injection.place or PLACE.GET
|
||||||
|
@ -630,10 +628,9 @@ class Connect(object):
|
||||||
if conf.httpHeaders:
|
if conf.httpHeaders:
|
||||||
headers = dict(conf.httpHeaders)
|
headers = dict(conf.httpHeaders)
|
||||||
contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else None for _ in headers.keys())
|
contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else None for _ in headers.keys())
|
||||||
urlEncodePost = contentType and "urlencoded" in contentType or contentType is None
|
|
||||||
|
|
||||||
if (kb.postHint or conf.skipUrlEncode) and urlEncodePost:
|
if (kb.postHint or conf.skipUrlEncode) and kb.postUrlEncode:
|
||||||
urlEncodePost = False
|
kb.postUrlEncode = False
|
||||||
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
|
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
|
||||||
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
|
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
|
||||||
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
|
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
|
||||||
|
@ -671,8 +668,8 @@ class Connect(object):
|
||||||
value = agent.replacePayload(value, payload)
|
value = agent.replacePayload(value, payload)
|
||||||
else:
|
else:
|
||||||
# GET, POST, URI and Cookie payload needs to be throughly URL encoded
|
# GET, POST, URI and Cookie payload needs to be throughly URL encoded
|
||||||
if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and urlEncodePost:
|
if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
|
||||||
payload = urlencode(payload, '%', False, place != PLACE.URI)
|
payload = urlencode(payload, '%', False, place != PLACE.URI, place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode and kb.postSpaceToPlus)
|
||||||
value = agent.replacePayload(value, payload)
|
value = agent.replacePayload(value, payload)
|
||||||
|
|
||||||
if conf.hpp:
|
if conf.hpp:
|
||||||
|
@ -815,7 +812,7 @@ class Connect(object):
|
||||||
if post is not None:
|
if post is not None:
|
||||||
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
|
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
|
||||||
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
|
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
|
||||||
elif urlEncodePost:
|
elif kb.postUrlEncode:
|
||||||
post = urlencode(post, spaceplus=kb.postSpaceToPlus)
|
post = urlencode(post, spaceplus=kb.postSpaceToPlus)
|
||||||
|
|
||||||
if timeBasedCompare:
|
if timeBasedCompare:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user