mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	minor fix for special cases when parameter value contains html encoded characters
This commit is contained in:
		
							parent
							
								
									c1ab02494c
								
							
						
					
					
						commit
						23cc8b6974
					
				|  | @ -27,7 +27,6 @@ from lib.core.common import getFilteredPageContent | |||
| from lib.core.common import getPublicTypeMembers | ||||
| from lib.core.common import getUnicode | ||||
| from lib.core.common import intersect | ||||
| from lib.core.common import paramToDict | ||||
| from lib.core.common import parseTargetUrl | ||||
| from lib.core.common import randomStr | ||||
| from lib.core.common import readInput | ||||
|  |  | |||
|  | @ -106,6 +106,8 @@ from lib.core.settings import DEFAULT_MSSQL_SCHEMA | |||
| from lib.core.settings import DUMP_NEWLINE_MARKER | ||||
| from lib.core.settings import DUMP_CR_MARKER | ||||
| from lib.core.settings import DUMP_TAB_MARKER | ||||
| from lib.core.settings import PARAMETER_AMP_MARKER | ||||
| from lib.core.settings import PARAMETER_SEMICOLON_MARKER | ||||
| from lib.core.settings import LARGE_OUTPUT_THRESHOLD | ||||
| from lib.core.settings import ML | ||||
| from lib.core.settings import MIN_TIME_RESPONSES | ||||
|  | @ -687,10 +689,11 @@ def paramToDict(place, parameters=None): | |||
| 
 | ||||
|     if place != PLACE.SOAP: | ||||
|         parameters = parameters.replace(", ", ",") | ||||
| 
 | ||||
|         parameters = re.sub(r"&(\w{1,4});", r"%s\g<1>%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters) | ||||
|         splitParams = parameters.split(conf.pDel or (DEFAULT_COOKIE_DELIMITER if place == PLACE.COOKIE else DEFAULT_GET_POST_DELIMITER)) | ||||
| 
 | ||||
|         for element in splitParams: | ||||
|             element = re.sub(r"%s(.+?)%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), r"&\g<1>;", element) | ||||
|             elem = element.split("=") | ||||
| 
 | ||||
|             if len(elem) >= 2: | ||||
|  |  | |||
|  | @ -52,6 +52,10 @@ DUMP_CR_MARKER = "__CARRIAGE_RETURN__" | |||
| DUMP_TAB_MARKER = "__TAB__" | ||||
| DUMP_DEL_MARKER = "__DEL__" | ||||
| 
 | ||||
| # markers for special cases when parameter values contain html encoded characters | ||||
| PARAMETER_AMP_MARKER = "__AMP__" | ||||
| PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__" | ||||
| 
 | ||||
| URI_QUESTION_MARKER = "__QUESTION_MARK__" | ||||
| 
 | ||||
| PAYLOAD_DELIMITER = "\x00" | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user