	Better treating of numeric values (Issue #49)
							parent
							
								
									31aa9be1c7
								
							
						
					
					
						commit
						84b05e2d18
					
				|  | @ -25,6 +25,7 @@ from lib.core.dicts import SQL_STATEMENTS | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
| from lib.core.enums import PAYLOAD | from lib.core.enums import PAYLOAD | ||||||
| from lib.core.enums import PLACE | from lib.core.enums import PLACE | ||||||
|  | from lib.core.enums import POST_HINT | ||||||
| from lib.core.exception import sqlmapNoneDataException | from lib.core.exception import sqlmapNoneDataException | ||||||
| from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR | from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR | ||||||
| from lib.core.settings import GENERIC_SQL_COMMENT | from lib.core.settings import GENERIC_SQL_COMMENT | ||||||
|  | @ -111,7 +112,10 @@ class Agent: | ||||||
|         newValue = self.cleanupPayload(newValue, origValue) |         newValue = self.cleanupPayload(newValue, origValue) | ||||||
| 
 | 
 | ||||||
|         if place in (PLACE.URI, PLACE.CUSTOM_POST): |         if place in (PLACE.URI, PLACE.CUSTOM_POST): | ||||||
|             retVal = paramString.replace("%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "") |             _ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR) | ||||||
|  |             if kb.postHint == POST_HINT.JSON and not newValue.isdigit() and not '"%s"' % _ in paramString: | ||||||
|  |                 newValue = '"%s"' % newValue | ||||||
|  |             retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "") | ||||||
|         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST): |         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST): | ||||||
|             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) |             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) | ||||||
|         else: |         else: | ||||||
|  |  | ||||||
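Review bot: `newValue.isdigit()` in the added JSON check under `if place in (PLACE.URI, PLACE.CUSTOM_POST):` is false for negative and decimal numbers, although the marking pattern changed in this same commit accepts `-?[\d\.]+`, so a value such as `-1` or `1.5` would presumably still be wrapped in quotes and change type in the JSON body. The condition `not '"%s"' % _ in paramString` also depends on operator precedence and reads more clearly as `'"%s"' % _ not in paramString`, and `_` is conventionally a throwaway name, so a descriptive one such as `marked` would help. A short comment, for example `# quote non-numeric values unless the original JSON value was already a quoted string`, would document why the wrapping happens. The enclosing method starts and ends outside the hunk.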
|  | @ -93,8 +93,8 @@ def __setRequestParams(): | ||||||
|             if test and test[0] in ("q", "Q"): |             if test and test[0] in ("q", "Q"): | ||||||
|                 raise sqlmapUserQuitException |                 raise sqlmapUserQuitException | ||||||
|             elif test[0] not in ("n", "N"): |             elif test[0] not in ("n", "N"): | ||||||
|                 conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>*"', conf.data) |                 conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data) | ||||||
|                 conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?[\d\.]+)', r'\g<1>"\g<2>*"', conf.data) |                 conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?[\d\.]+\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data) | ||||||
|                 kb.processUserMarks = True |                 kb.processUserMarks = True | ||||||
|                 kb.postHint = POST_HINT.JSON |                 kb.postHint = POST_HINT.JSON | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
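Review bot: The numeric pattern on the second `re.sub` line, `(-?[\d\.]+\b)`, also accepts text that is not a JSON number, such as `1.2.3` or a value starting with a dot, and it skips exponent forms like `1e5`; a stricter group such as `(-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?)\b` would match only well-formed numbers. `CUSTOM_INJECTION_MARK_CHAR` is formatted into the replacement template unescaped on both lines, which is safe only while the constant contains no backslash; a comment stating that assumption, or passing a function as the replacement, would make it explicit. The body of `__setRequestParams` continues outside the hunk.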
|  | @ -588,7 +588,10 @@ class Connect: | ||||||
|                     # with their HTML encoded counterparts |                     # with their HTML encoded counterparts | ||||||
|                     payload = payload.replace('>', ">").replace('<', "<") |                     payload = payload.replace('>', ">").replace('<', "<") | ||||||
|                 elif kb.postHint == POST_HINT.JSON: |                 elif kb.postHint == POST_HINT.JSON: | ||||||
|                     payload = json.dumps(payload)[1:-1] |                     if payload.startswith('"') and payload.endswith('"'): | ||||||
|  |                         payload = json.dumps(payload[1:-1]) | ||||||
|  |                     else: | ||||||
|  |                         payload = json.dumps(payload)[1:-1] | ||||||
|                 value = agent.replacePayload(value, payload) |                 value = agent.replacePayload(value, payload) | ||||||
| 
 | 
 | ||||||
|             else: |             else: | ||||||
|  |  | ||||||
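Review bot: The quote test on the added branch under `elif kb.postHint == POST_HINT.JSON:` treats any payload that begins and ends with `"` as the pre-quoted form, including a lone `"`, where `payload[1:-1]` is empty and the result is `""`. The marker is in-band, so a value that naturally starts and ends with a double quote cannot be told apart from one that was wrapped earlier (apparently by the `Agent` change in this commit). A length guard such as `if len(payload) > 1 and payload.startswith('"') and payload.endswith('"'):` together with a comment like `# surrounding quotes mean the value was wrapped as a JSON string upstream` would make the contract explicit. The enclosing method starts and ends outside the hunk.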