mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
fix for URI based injections
parent
7bf05bf2cb
commit
30cd877c4a
|
@ -75,6 +75,10 @@ class Agent:
|
||||||
paramDict = conf.paramDict[place]
|
paramDict = conf.paramDict[place]
|
||||||
origValue = paramDict[parameter]
|
origValue = paramDict[parameter]
|
||||||
|
|
||||||
|
if place == PLACE.URI:
|
||||||
|
origValue = origValue.split('*')[0]
|
||||||
|
origValue = origValue[origValue.rfind('/') + 1:]
|
||||||
|
|
||||||
if value is None:
|
if value is None:
|
||||||
if where == 1:
|
if where == 1:
|
||||||
value = origValue
|
value = origValue
|
||||||
|
@ -101,7 +105,7 @@ class Agent:
|
||||||
|
|
||||||
retValue = ET.tostring(root)
|
retValue = ET.tostring(root)
|
||||||
elif place in (PLACE.UA, PLACE.URI):
|
elif place in (PLACE.UA, PLACE.URI):
|
||||||
retValue = paramString.replace("*", self.addPayloadDelimiters(newValue))
|
retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue))
|
||||||
else:
|
else:
|
||||||
retValue = paramString.replace("%s=%s" % (parameter, origValue),
|
retValue = paramString.replace("%s=%s" % (parameter, origValue),
|
||||||
"%s=%s" % (parameter, self.addPayloadDelimiters(newValue)))
|
"%s=%s" % (parameter, self.addPayloadDelimiters(newValue)))
|
||||||
|
|
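Review bot: The rewritten replace in the second hunk, `paramString.replace("%s*" % origValue, ...)`, is shared by `PLACE.UA` and `PLACE.URI`, but the first hunk trims `origValue` only under `if place == PLACE.URI:`. For `PLACE.UA`, `origValue` is still the raw `paramDict[parameter]`, so unless that value sits immediately before the `*` marker in `paramString`, the search string will not match and `str.replace` returns the input unchanged: no payload delimiters are inserted and the test quietly reads as a negative. If the UA value is stored with the marker in it (not visible here), it would need the same `split('*')[0]` treatment; otherwise keep the old behaviour in its own branch, `elif place == PLACE.UA:` with `retValue = paramString.replace("*", self.addPayloadDelimiters(newValue))`. Both hunks sit inside a method of `Agent` whose start and end are outside the visible lines.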