mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Fixes #2982
This commit is contained in:
parent
909a3456e3
commit
3c5e9e7559
|
@ -152,7 +152,7 @@ def _formatInjection(inj):
|
|||
vector = "%s%s" % (vector, comment)
|
||||
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
|
||||
data += " Title: %s\n" % title
|
||||
data += " Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place != PLACE.GET and kb.postSpaceToPlus))
|
||||
data += " Payload: %s\n" % urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus))
|
||||
data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
|
||||
|
||||
return data
|
||||
|
|
|
@ -2535,7 +2535,7 @@ def findMultipartPostBoundary(post):
|
|||
|
||||
return retVal
|
||||
|
||||
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True):
|
||||
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, spaceplus=True):
|
||||
"""
|
||||
URL decodes given value
|
||||
|
||||
|
@ -2553,14 +2553,14 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
|
|||
pass
|
||||
finally:
|
||||
if convall:
|
||||
result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value)
|
||||
result = urllib.unquote_plus(value) if spaceplus else urllib.unquote(value)
|
||||
else:
|
||||
def _(match):
|
||||
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)
|
||||
char = chr(ord(match.group(1).decode("hex")))
|
||||
return char if char in charset else match.group(0)
|
||||
result = value
|
||||
if plusspace:
|
||||
if spaceplus:
|
||||
result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case)
|
||||
result = re.sub(r"%([0-9a-fA-F]{2})", _, result)
|
||||
|
||||
|
@ -3997,7 +3997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
|||
url = urldecode(request.get_full_url(), kb.pageEncoding)
|
||||
method = request.get_method()
|
||||
data = request.get_data() if request.has_data() else None
|
||||
data = urldecode(data, kb.pageEncoding, plusspace=False)
|
||||
data = urldecode(data, kb.pageEncoding, spaceplus=False)
|
||||
|
||||
if not data and method and method.upper() == HTTPMETHOD.POST:
|
||||
debugMsg = "invalid POST form with blank data detected"
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.3.24"
|
||||
VERSION = "1.2.3.25"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -22,12 +22,12 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
|
|||
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
|
||||
0f581182871148b0456a691ae85b04c0 lib/controller/action.py
|
||||
62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py
|
||||
a66044daa98684fde830324c54da98ee lib/controller/controller.py
|
||||
2ba69df20a4ca72b4255761c3463b8a4 lib/controller/controller.py
|
||||
c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
|
||||
b1990c7805943f0c973a853bba981d96 lib/core/agent.py
|
||||
fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
|
||||
33c03aad7f4c6e7241b6f204560e69ca lib/core/common.py
|
||||
6266f487eeafeccab0c2d7f43d20e85c lib/core/common.py
|
||||
1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py
|
||||
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
|
||||
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
|
||||
|
@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
f4e6be0b4a75c886fafdc080d251c57b lib/core/settings.py
|
||||
13c487c03a2555f9addb386990b77004 lib/core/settings.py
|
||||
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user