changes regarding Data (GET/POST/Cookie) encoding (Bug #129)

2025-06-08 07:03:10 +03:00 · 2010-01-14 18:05:03 +00:00 · 2010-01-14 18:05:03 +00:00 · 26c7b74e65
commit 26c7b74e65
parent 1d968f51e9
8 changed files with 20 additions and 14 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -31,7 +31,6 @@ from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
 from lib.core.common import readInput
 from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -162,10 +161,9 @@ def start():
                        setCookieAsInjectable = False
                if setCookieAsInjectable:
-                    safeCookie = sanitizeCookie(cookieStr)
+                    conf.httpHeaders.append(("Cookie", cookieStr))
-                    conf.httpHeaders.append(("Cookie", safeCookie))
+                    conf.parameters["Cookie"] = cookieStr
-                    conf.parameters["Cookie"] = safeCookie
+                    __paramDict = paramToDict("Cookie", cookieStr)
                    __paramDict = paramToDict("Cookie", safeCookie)
                    if __paramDict:
                        conf.paramDict["Cookie"] = __paramDict
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -26,6 +26,7 @@ import re
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@ -78,6 +79,11 @@ class Agent:
            retValue = paramString.replace("%s=%s" % (parameter, value),
                                           "%s=%s" % (parameter, newValue))
        if conf.cookieUrlencode and (kb.injPlace == "Cookie" or place == "Cookie"):
            name = retValue[:retValue.find('=')]
            value = retValue[retValue.find('=') + 1:]
            retValue = "%s=%s" % (name, urlencode(value, convall=True))
        return retValue
    def fullPayload(self, query):
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -38,7 +38,6 @@ from lib.core.common import getFileType
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
 from lib.core.common import sanitizeCookie
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@ -847,8 +846,6 @@ def __setHTTPCookies():
        debugMsg = "setting the HTTP Cookie header"
        logger.debug(debugMsg)
        conf.cookie = sanitizeCookie(conf.cookie, True)
        conf.httpHeaders.append(("Connection", "Keep-Alive"))
        conf.httpHeaders.append(("Cookie", conf.cookie))
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -61,7 +61,8 @@ optDict = {
                               "string":            "string",
                               "regexp":            "string",
                               "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
                               "cookieUrlencode":   "boolean"
                             },
            "Techniques":    {
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -28,7 +28,6 @@ import time
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -73,7 +72,6 @@ def __setRequestParams():
    # Perform checks on Cookie parameters
    if conf.cookie:
        conf.cookie = sanitizeCookie(conf.cookie)
        conf.parameters["Cookie"] = conf.cookie
        __paramDict = paramToDict("Cookie", conf.cookie)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -164,6 +164,10 @@ def cmdLineParser():
                             help="Matches to be excluded before "
                                  "comparing page contents")
        injection.add_option("--cookie-urlencode", dest="cookieUrlencode",
                              action="store_true",
                              help="URLEncode generated cookie injections")
        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can "
                                 "be used to test for specific SQL injection "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -31,7 +31,6 @@ import urlparse
 import traceback
 from lib.contrib import multipartpost
 from lib.core.common import sanitizeCookie
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@ -121,7 +120,7 @@ class Connect:
        try:
            # Perform HTTP request
-            headers        = forgeHeaders(sanitizeCookie(cookie), ua)
+            headers        = forgeHeaders(cookie, ua)
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -155,6 +155,9 @@ eString =
 # (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
 eRegexp = 
 # URLEncode generated cookie injections.
 # Valid: True or False
 cookieUrlencode = False
 [Techniques]