mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
changes regarding Data (GET/POST/Cookie) encoding (Bug #129)
parent
1d968f51e9
commit
26c7b74e65
|
@ -31,7 +31,6 @@ from lib.controller.checks import checkRegexp
|
|||
from lib.controller.checks import checkConnection
|
||||
from lib.core.common import paramToDict
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import sanitizeCookie
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -162,10 +161,9 @@ def start():
|
|||
setCookieAsInjectable = False
|
||||
|
||||
if setCookieAsInjectable:
|
||||
safeCookie = sanitizeCookie(cookieStr)
|
||||
conf.httpHeaders.append(("Cookie", safeCookie))
|
||||
conf.parameters["Cookie"] = safeCookie
|
||||
__paramDict = paramToDict("Cookie", safeCookie)
|
||||
conf.httpHeaders.append(("Cookie", cookieStr))
|
||||
conf.parameters["Cookie"] = cookieStr
|
||||
__paramDict = paramToDict("Cookie", cookieStr)
|
||||
|
||||
if __paramDict:
|
||||
conf.paramDict["Cookie"] = __paramDict
|
||||
|
|
|
@ -26,6 +26,7 @@ import re
|
|||
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import queries
|
||||
|
@ -78,6 +79,11 @@ class Agent:
|
|||
retValue = paramString.replace("%s=%s" % (parameter, value),
|
||||
"%s=%s" % (parameter, newValue))
|
||||
|
||||
if conf.cookieUrlencode and (kb.injPlace == "Cookie" or place == "Cookie"):
|
||||
name = retValue[:retValue.find('=')]
|
||||
value = retValue[retValue.find('=') + 1:]
|
||||
retValue = "%s=%s" % (name, urlencode(value, convall=True))
|
||||
|
||||
return retValue
|
||||
|
||||
def fullPayload(self, query):
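Review bot: The new `conf.cookieUrlencode` branch splits `retValue` at the first `=` only, so if the Cookie string carries more than one `name=value` pair, the separators and every later `=` are passed through `urlencode(value, convall=True)` along with the injected value. Assuming `convall=True` encodes every reserved character, the other cookies would reach the server mangled. When `retValue` contains no `=` at all, `find` returns -1, so `name` loses its last character and `value` becomes the whole string. Encoding only the injected value before substitution avoids both cases, for example `newValue = urlencode(newValue, convall=True)` under the same condition, ahead of the `paramString.replace(...)` call. The branch also rebinds `value`, which the replace above it already uses, and the enclosing method starts outside the hunk.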
|
||||
|
|
|
@ -38,7 +38,6 @@ from lib.core.common import getFileType
|
|||
from lib.core.common import parseTargetUrl
|
||||
from lib.core.common import paths
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.common import sanitizeCookie
|
||||
from lib.core.common import sanitizeStr
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -847,8 +846,6 @@ def __setHTTPCookies():
|
|||
debugMsg = "setting the HTTP Cookie header"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
conf.cookie = sanitizeCookie(conf.cookie, True)
|
||||
|
||||
conf.httpHeaders.append(("Connection", "Keep-Alive"))
|
||||
conf.httpHeaders.append(("Cookie", conf.cookie))
|
||||
|
||||
|
|
|
@ -61,7 +61,8 @@ optDict = {
|
|||
"string": "string",
|
||||
"regexp": "string",
|
||||
"eString": "string",
|
||||
"eRegexp": "string"
|
||||
"eRegexp": "string",
|
||||
"cookieUrlencode": "boolean"
|
||||
},
|
||||
|
||||
"Techniques": {
|
||||
|
|
|
@ -28,7 +28,6 @@ import time
|
|||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import paramToDict
|
||||
from lib.core.common import parseTargetUrl
|
||||
from lib.core.common import sanitizeCookie
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -73,7 +72,6 @@ def __setRequestParams():
|
|||
|
||||
# Perform checks on Cookie parameters
|
||||
if conf.cookie:
|
||||
conf.cookie = sanitizeCookie(conf.cookie)
|
||||
conf.parameters["Cookie"] = conf.cookie
|
||||
__paramDict = paramToDict("Cookie", conf.cookie)
|
||||
|
||||
|
|
|
@ -164,6 +164,10 @@ def cmdLineParser():
|
|||
help="Matches to be excluded before "
|
||||
"comparing page contents")
|
||||
|
||||
injection.add_option("--cookie-urlencode", dest="cookieUrlencode",
|
||||
action="store_true",
|
||||
help="URLEncode generated cookie injections")
|
||||
|
||||
# Techniques options
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can "
|
||||
"be used to test for specific SQL injection "
|
||||
|
|
|
@ -31,7 +31,6 @@ import urlparse
|
|||
import traceback
|
||||
|
||||
from lib.contrib import multipartpost
|
||||
from lib.core.common import sanitizeCookie
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -121,7 +120,7 @@ class Connect:
|
|||
|
||||
try:
|
||||
# Perform HTTP request
|
||||
headers = forgeHeaders(sanitizeCookie(cookie), ua)
|
||||
headers = forgeHeaders(cookie, ua)
|
||||
req = urllib2.Request(url, post, headers)
|
||||
conn = urllib2.urlopen(req)
|
||||
|
||||
|
|
|
@ -155,6 +155,9 @@ eString =
|
|||
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
|
||||
eRegexp =
|
||||
|
||||
# URLEncode generated cookie injections.
|
||||
# Valid: True or False
|
||||
cookieUrlencode = False
|
||||
|
||||
[Techniques]
|
||||
|
||||
|
|