sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for an Issue #648

Browse Source
This commit is contained in:
Miroslav Stampar 2014-03-21 20:28:16 +01:00
parent 276dab781b
commit 106102bd3c
4 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -1210,8 +1210,6 @@ def checkConnection(suppressOutput=False):
logger.info(infoMsg)
try:
Request.queryPage(content=True, noteResponseTime=False) # dropping first page because it can be totally different than subsequent (e.g. WebGoat) before the Cookie is set up
page, _ = Request.queryPage(content=True, noteResponseTime=False)
kb.originalPage = kb.pageTemplate = page

1
lib/core/option.py
View File

@ -1672,6 +1672,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.permissionFlag = False
kb.postHint = None
kb.postSpaceToPlus = False
kb.postUrlEncode = True
kb.prependFlag = False
kb.processResponseCounter = 0
kb.previousMethod = None

14
lib/core/target.py
View File

@ -577,11 +577,15 @@ def initTargetEnv():
class _(unicode):
pass
original = conf.data
conf.data = _(urldecode(conf.data))
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
kb.postSpaceToPlus = '+' in original
for key, value in conf.httpHeaders:
if key.upper() == HTTP_HEADER.CONTENT_TYPE.upper():
kb.postUrlEncode = "urlencoded" in value
break
if kb.postUrlEncode:
original = conf.data
conf.data = _(urldecode(conf.data))
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
kb.postSpaceToPlus = '+' in original
def setupTargetEnv():
_createTargetDirs()

15
lib/request/connect.py
View File

@ -12,10 +12,9 @@ import re
import socket
import string
import time
import traceback
import urllib2
import urlparse
import time
import traceback
from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent
@ -616,7 +615,6 @@ class Connect(object):
pageLength = None
uri = None
code = None
urlEncodePost = None
if not place:
place = kb.injection.place or PLACE.GET
@ -630,10 +628,9 @@ class Connect(object):
if conf.httpHeaders:
headers = dict(conf.httpHeaders)
contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else None for _ in headers.keys())
urlEncodePost = contentType and "urlencoded" in contentType or contentType is None
if (kb.postHint or conf.skipUrlEncode) and urlEncodePost:
urlEncodePost = False
if (kb.postHint or conf.skipUrlEncode) and kb.postUrlEncode:
kb.postUrlEncode = False
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
@ -671,8 +668,8 @@ class Connect(object):
value = agent.replacePayload(value, payload)
else:
# GET, POST, URI and Cookie payload needs to be throughly URL encoded
if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and urlEncodePost:
payload = urlencode(payload, '%', False, place != PLACE.URI)
if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
payload = urlencode(payload, '%', False, place != PLACE.URI, place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode and kb.postSpaceToPlus)
value = agent.replacePayload(value, payload)
if conf.hpp:
@ -815,7 +812,7 @@ class Connect(object):
if post is not None:
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
elif urlEncodePost:
elif kb.postUrlEncode:
post = urlencode(post, spaceplus=kb.postSpaceToPlus)
if timeBasedCompare: