diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 06abe6780..60fc7bd49 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value): # Feed with test details every time a test is successful injection.data[stype] = advancedDict() injection.data[stype].title = title - injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload, False) + injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload) injection.data[stype].where = where injection.data[stype].vector = vector injection.data[stype].comment = comment diff --git a/lib/core/agent.py b/lib/core/agent.py index baeb8502f..e64d7c7f4 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -716,20 +716,14 @@ class Agent: return retVal - def removePayloadDelimiters(self, inpStr, urlencode_=True): + def removePayloadDelimiters(self, inpStr): """ Removes payload delimiters from inside the input string """ retVal = inpStr if inpStr: - if urlencode_: - regObj = getCompiledRegex("(?P%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER)) - - for match in regObj.finditer(inpStr): - retVal = retVal.replace(match.group("result"), urlencode(match.group("result").strip(PAYLOAD_DELIMITER), convall=True)) - else: - retVal = retVal.replace(PAYLOAD_DELIMITER, '') + retVal = retVal.replace(PAYLOAD_DELIMITER, '') return retVal diff --git a/lib/request/connect.py b/lib/request/connect.py index 281d32141..5386b9e9c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -400,25 +400,25 @@ class Connect: logger.log(9, payload) if place == PLACE.COOKIE and conf.cookieUrlencode: - value = agent.removePayloadDelimiters(value, False) + value = agent.removePayloadDelimiters(value) value = urlEncodeCookieValues(value) elif place: - value = agent.removePayloadDelimiters(value, URL_ENCODE_PAYLOAD[place]) + value = agent.removePayloadDelimiters(value) if conf.checkPayload: checkPayload(value) if PLACE.GET in conf.parameters: - get = urlencode(conf.parameters[PLACE.GET]) if place != PLACE.GET or not value else value + get = urlencode(conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value) if PLACE.POST in conf.parameters: - post = urlencode(conf.parameters[PLACE.POST]) if place != PLACE.POST or not value else value + post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value) if PLACE.COOKIE in conf.parameters: cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value if PLACE.UA in conf.parameters: - ua = urlencode(conf.parameters[PLACE.UA]) if place != PLACE.UA or not value else value + ua = urlencode(conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value) if PLACE.URI in conf.parameters: uri = conf.url if place != PLACE.URI or not value else value diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index 657ef8e84..3a0a1fac3 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py @@ -137,6 +137,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix): validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) if validPayload: - validPayload = agent.removePayloadDelimiters(validPayload, False) + validPayload = agent.removePayloadDelimiters(validPayload) return validPayload, vector