From 637d3cbaf72c55ff19fb00809fc55ea00fff4695 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Sep 2014 13:29:30 +0200 Subject: [PATCH] Fix for cases when parameter name is urlencoded --- lib/core/agent.py | 3 +++ lib/core/common.py | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index ce78736ee..923677b15 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -19,6 +19,7 @@ from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import singleTimeWarnMessage from lib.core.common import splitFields from lib.core.common import unArrayizeValue +from lib.core.common import urlencode from lib.core.common import zeroDepthSearch from lib.core.data import conf from lib.core.data import kb @@ -153,6 +154,8 @@ class Agent(object): retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) else: retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString) + if retVal == paramString and urlencode(parameter) != parameter: + retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString) return retVal diff --git a/lib/core/common.py b/lib/core/common.py index 0ac8eee6b..cbca1080d 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -549,7 +549,7 @@ def paramToDict(place, parameters=None): parts = element.split("=") if len(parts) >= 2: - parameter = parts[0].replace(" ", "") + parameter = urldecode(parts[0].replace(" ", "")) if conf.paramDel and conf.paramDel == '\n': parts[-1] = parts[-1].rstrip()