From 30cd877c4a92aa4b572a1941b1c34234300e4ae3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 22 Jan 2011 16:23:33 +0000
Subject: [PATCH] fix for URI based injections
---
 lib/core/agent.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index a88440476..ac10c05b7 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -75,6 +75,10 @@ class Agent:
 paramDict = conf.paramDict[place]
 origValue = paramDict[parameter]
+ if place == PLACE.URI:
+ origValue = origValue.split('*')[0]
+ origValue = origValue[origValue.rfind('/') + 1:]
+
 if value is None:
 if where == 1:
 value = origValue
@@ -101,7 +105,7 @@ class Agent:
 retValue = ET.tostring(root)
 elif place in (PLACE.UA, PLACE.URI):
- retValue = paramString.replace("*", self.addPayloadDelimiters(newValue))
+ retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue))
 else:
 retValue = paramString.replace("%s=%s" % (parameter, origValue), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue)))
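Review bot: In the new `if place == PLACE.URI:` block, `origValue` ends up as an empty string whenever the `*` mark directly follows a `/`, because `split('*')[0]` then ends in `/` and the `rfind('/') + 1` slice keeps nothing. In that case the `"%s*" % origValue` pattern in the second hunk degenerates to a bare `"*"` and the old replace-every-asterisk behaviour comes back, so this case deserves either a guard or a comment saying it is intended. Only the text before the first `*` is considered, which is worth stating as well, e.g. `# URI: the original value is the last path segment before the first '*' mark`. The literal `'*'` now appears in both hunks; a single module-level name for the mark character would keep them in step. The enclosing method starts and ends outside the hunk.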
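Review bot: The rewritten `replace` on the `elif place in (PLACE.UA, PLACE.URI):` branch also runs for `PLACE.UA`, but the first hunk narrows `origValue` only for `PLACE.URI`. For the User-Agent case the search pattern is therefore the whole `paramDict[parameter]` value followed by `*`; if that exact text does not occur in `paramString` (not verifiable from the hunk), `str.replace` returns the string unchanged and the request is built without the payload delimiters, with no error raised. A membership check before the replace, `if "%s*" % origValue not in paramString:` followed by the project's usual error or log call, would make that failure visible; alternatively keep the old `"*"` pattern for `PLACE.UA` in a branch of its own. `replace` without a count still rewrites every occurrence of the pattern, so passing `1` as the third argument would pin it to the first mark if a single injection point is intended. The method body continues outside the hunk.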