sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update for an Issue #267

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-10 13:05:41 +01:00
parent 96df0ba061
commit 8bd0080bf4
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/request/connect.py
View File

@ -628,8 +628,9 @@ class Connect(object):
if place in (PLACE.GET, PLACE.POST): if place in (PLACE.GET, PLACE.POST):
_ = re.escape(PAYLOAD_DELIMITER) _ = re.escape(PAYLOAD_DELIMITER)
match = re.search("(?P<name>\w+)=%s(?P<value>.+?)%s" % (_, _), value) match = re.search("(?P<name>\w+)=%s(?P<value>.+?)%s" % (_, _), value)
payload = match.group("value")
if match: if match:
payload = match.group("value")
for splitter in (urlencode(' '), ' '): for splitter in (urlencode(' '), ' '):
if splitter in payload: if splitter in payload:
prefix, suffix = ("*/", "/*") if splitter == ' ' else (urlencode(_) for _ in ("*/", "/*")) prefix, suffix = ("*/", "/*") if splitter == ' ' else (urlencode(_) for _ in ("*/", "/*"))
@ -640,9 +641,10 @@ class Connect(object):
parts[i] = "%s%s=%s%s%s" % (DEFAULT_GET_POST_DELIMITER, match.group("name"), prefix, parts[i], suffix) parts[i] = "%s%s=%s%s%s" % (DEFAULT_GET_POST_DELIMITER, match.group("name"), prefix, parts[i], suffix)
payload = "".join(parts) payload = "".join(parts)
break break
for splitter in (urlencode(','), ','): for splitter in (urlencode(','), ','):
payload = payload.replace(splitter, "%s%s=" % (DEFAULT_GET_POST_DELIMITER, match.group("name"))) payload = payload.replace(splitter, "%s%s=" % (DEFAULT_GET_POST_DELIMITER, match.group("name")))
if payload:
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)
else: else:
warnMsg = "HTTP parameter pollution works only with regular " warnMsg = "HTTP parameter pollution works only with regular "