Patch for URL encoding cookie values (asking the user to choose)

2024-11-22 17:46:37 +03:00 · 2016-05-30 17:47:08 +02:00 · 2016-05-30 17:47:08 +02:00 · 2fa4b22645
commit 2fa4b22645
parent 229d3a7dd0
3 changed files with 15 additions and 3 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1823,6 +1823,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):

    kb.columnExistsChoice = None
    kb.commonOutputs = None
+    kb.cookieEncodeChoice = None
    kb.counters = {}
    kb.data = AttribDict()
    kb.dataOutputFlag = False
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.112"
+VERSION = "1.0.5.113"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -794,6 +794,17 @@ class Connect(object):
            else:
                # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded
                if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
+                    skip = False
+
+                    if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE:
+                        if kb.cookieEncodeChoice is None:
+                            msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]")  # Reference: https://support.microsoft.com/en-us/kb/313282
+                            choice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N')
+                            kb.cookieEncodeChoice = choice.upper().strip() == "Y"
+                        if not kb.cookieEncodeChoice:
+                            skip = True
+
+                    if not skip:
                        payload = urlencode(payload, '%', False, place != PLACE.URI)  # spaceplus is handled down below
                        value = agent.replacePayload(value, payload)