Minor patch for an Issue #1861

2025-11-04 09:57:38 +03:00 · 2016-05-12 17:16:55 +02:00 · 2016-05-12 17:16:55 +02:00 · 2d801b7122
commit 2d801b7122
parent 1e07269fe3
2 changed files with 11 additions and 10 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -601,15 +601,16 @@ def paramToDict(place, parameters=None):
                        logger.warn(warnMsg)

                if place in (PLACE.POST, PLACE.GET):
-                    regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
-                    match = re.search(regex, testableParameters[parameter])
-                    if match:
-                        _ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
-                        message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
-                        message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
-                        test = readInput(message, default="N")
-                        if test[0] in ("y", "Y"):
-                            testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
+                    for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"):
+                        match = re.search(regex, testableParameters[parameter])
+                        if match:
+                            _ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
+                            message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
+                            message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
+                            test = readInput(message, default="N")
+                            if test[0] in ("y", "Y"):
+                                testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
+                            break

    if conf.testParameter and not testableParameters:
        paramStr = ", ".join(test for test in conf.testParameter)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.21"
+VERSION = "1.0.5.22"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")