minor improvement

2025-11-04 09:57:38 +03:00 · 2011-11-21 17:39:18 +00:00 · 2011-11-21 17:39:18 +00:00 · 4fa24ec704
commit 4fa24ec704
parent 65b2b0ad87
3 changed files with 12 additions and 10 deletions
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -141,7 +141,7 @@ def cmdLineParser():
                           help="Test requests between two visits to a given safe url")

        request.add_option("--eval", dest="evalCode",
-                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

        # Optimization options
        optimization = OptionGroup(parser, "Optimization", "These "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -605,13 +605,15 @@ class Connect:
                            cookie = _randomizeParameter(cookie, randomParameter)

        if conf.evalCode:
+            delimiter = conf.pDel or "&"
            variables = {}
            originals = {}

-            if get:
-                executeCode(get.replace("&", ";"), variables)
-            if post:
-                executeCode(post.replace("&", ";"), variables)
+            for item in filter(None, (get, post)):
+                for part in item.split(delimiter):
+                    if '=' in part:
+                        name, value = part.split('=', 1)
+                        executeCode("%s='%s'" % (name, value), variables)

            originals.update(variables)
            executeCode(conf.evalCode, variables)
@ -621,13 +623,13 @@ class Connect:
                    if isinstance(value, (basestring, int)):
                        value = unicode(value)
                        if '%s=' % name in (get or ""):
-                            get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+                            get = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, get)
                        elif '%s=' % name in (post or ""):
-                            post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+                            post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
                        elif post:
-                            post += "&%s=%s" % (name, value)
+                            post += "%s%s=%s" % (delimiter, name, value)
                        else:
-                            get += "&%s=%s" % (name, value)
+                            get += "%s%s=%s" % (delimiter, name, value)
                
        get = urlencode(get, limit=True)
        if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -131,7 +131,7 @@ safUrl =
 saFreq = 0

 # Evaluate provided Python code before the request
-# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
 evalCode =