From 831c960216140290fe1bf1f65aae9fe6a96c6204 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 26 May 2016 16:47:38 +0200 Subject: [PATCH] Update for an Issue #1899 --- lib/core/settings.py | 2 +- lib/request/connect.py | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 78c95a468..0e714325c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.5.70" +VERSION = "1.0.5.71" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") diff --git a/lib/request/connect.py b/lib/request/connect.py index 8f20ae393..91be496bb 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -863,9 +863,13 @@ class Connect(object): if conf.csrfToken: def _adjustParameter(paramString, parameter, newValue): retVal = paramString - match = re.search("%s=(?P[^&]*)" % re.escape(parameter), paramString) + match = re.search("%s=[^&]*" % re.escape(parameter), paramString) if match: - retVal = re.sub("%s=[^&]*" % re.escape(parameter), "%s=%s" % (parameter, newValue), paramString) + retVal = re.sub(match.group(0), "%s=%s" % (parameter, newValue), paramString) + else: + match = re.search("(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString) + if match: + retVal = re.sub(match.group(0), "%s%s" % (match.group(1), newValue), paramString) return retVal page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))