Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z])

Miroslav Stampar 2015-02-24 15:05:44 +01:00
parent e35c7fbb7a
commit 6bcc95a20d


@ -848,7 +848,7 @@ class Connect(object):
for part in item.split(delimiter): for part in item.split(delimiter):
if '=' in part: if '=' in part:
name, value = part.split('=', 1) name, value = part.split('=', 1)
name = name.strip() name = re.sub(r"[^\w]", "", name.strip())
if name in keywords: if name in keywords:
name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX) name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus)) value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
@ -858,7 +858,7 @@ class Connect(object):
for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER): for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
if '=' in part: if '=' in part:
name, value = part.split('=', 1) name, value = part.split('=', 1)
name = name.strip() name = re.sub(r"[^\w]", "", name.strip())
if name in keywords: if name in keywords:
name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX) name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
value = urldecode(value, convall=True) value = urldecode(value, convall=True)
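Review bot: The new `name = re.sub(r"[^\w]", "", name.strip())` line in both loops can still produce a name that is not a valid Python identifier. A parameter or cookie called `1id` keeps its leading digit, and one made only of punctuation becomes an empty string. A guard after the substitution, such as `if not re.match(r"[A-Za-z_]\w*\Z", name): continue`, would skip those parts before they reach the evaluated code. Distinct names such as `a-b` and `ab` also collapse to the same variable, so one silently overwrites the other. Spelling the class out as `[^_0-9a-zA-Z]` would match the commit title regardless of how `\w` treats Unicode input. Both loop bodies continue outside the hunks, so how `name` is consumed afterwards is inferred from the commit title rather than seen here.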