Oracle supports inline comments too (Issue #267)

2024-11-22 17:46:37 +03:00 · 2012-12-10 12:00:15 +01:00 · 2012-12-10 12:00:15 +01:00 · 5606a860ce
commit 5606a860ce
parent a024884ca7
1 changed files with 11 additions and 23 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -18,7 +18,6 @@ import traceback
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
 from lib.core.common import asciifyUrl
-from lib.core.common import Backend
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
 from lib.core.common import cpuThrottle
@ -44,7 +43,6 @@ from lib.core.data import logger
 from lib.core.dicts import POST_HINT_CONTENT_TYPES
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CUSTOM_LOGGING
-from lib.core.enums import DBMS
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
@ -632,27 +630,17 @@ class Connect(object):
                    match = re.search("(\w+)=%s(.+?)%s" % (_, _), value)
                    if match:
                        parameter, content = match.groups()
-                        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.MSSQL, DBMS.PGSQL):  # DBMSes that support inline comments
-                            for splitter in (urlencode(' '), ' '):
-                                if splitter in content:
-                                    prefix, suffix = ("*/", "/*") if splitter == ' ' else (urlencode(_) for _ in ("*/", "/*"))
-                                    parts = content.split(splitter)
-                                    parts[0] = "%s%s" % (parts[0], suffix)
-                                    parts[-1] = "%s%s=%s%s" % (DEFAULT_GET_POST_DELIMITER, parameter, prefix, parts[-1])
-                                    for i in xrange(1, len(parts) - 1):
-                                        parts[i] = "%s%s=%s%s%s" % (DEFAULT_GET_POST_DELIMITER, parameter, prefix, parts[i], suffix)
-                                    payload = "".join(parts)
-                                    value = agent.replacePayload(value, payload)
-                                    break
-                        else:
-                            for splitter in (urlencode(','), ','):  # generic
-                                if splitter in content:
-                                    parts = content.split(splitter)
-                                    for i in xrange(1, len(parts)):
-                                        parts[i] = "%s%s=%s" % (DEFAULT_GET_POST_DELIMITER, parameter, parts[i])
-                                    payload = "".join(parts)
-                                    value = agent.replacePayload(value, payload)
-                                    break
+                        for splitter in (urlencode(' '), ' '):
+                            if splitter in content:
+                                prefix, suffix = ("*/", "/*") if splitter == ' ' else (urlencode(_) for _ in ("*/", "/*"))
+                                parts = content.split(splitter)
+                                parts[0] = "%s%s" % (parts[0], suffix)
+                                parts[-1] = "%s%s=%s%s" % (DEFAULT_GET_POST_DELIMITER, parameter, prefix, parts[-1])
+                                for i in xrange(1, len(parts) - 1):
+                                    parts[i] = "%s%s=%s%s%s" % (DEFAULT_GET_POST_DELIMITER, parameter, prefix, parts[i], suffix)
+                                payload = "".join(parts)
+                                value = agent.replacePayload(value, payload)
+                                break
                else:
                    warnMsg = "HTTP parameter pollution works only with regular "
                    warnMsg += "GET and POST parameters"