centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels

2024-11-25 19:13:48 +03:00 · 2011-01-27 19:44:24 +00:00 · 2011-01-27 19:44:24 +00:00 · 8e74c571bc
commit 8e74c571bc
parent 49aeb41be8
4 changed files with 9 additions and 15 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value):
                        # Feed with test details every time a test is successful
                        injection.data[stype] = advancedDict()
                        injection.data[stype].title = title
-                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload, False)
+                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)
                        injection.data[stype].where = where
                        injection.data[stype].vector = vector
                        injection.data[stype].comment = comment
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -716,19 +716,13 @@ class Agent:

        return retVal

-    def removePayloadDelimiters(self, inpStr, urlencode_=True):
+    def removePayloadDelimiters(self, inpStr):
        """
        Removes payload delimiters from inside the input string
        """
        retVal = inpStr

        if inpStr:
-            if urlencode_:
-                regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
-
-                for match in regObj.finditer(inpStr):
-                    retVal = retVal.replace(match.group("result"), urlencode(match.group("result").strip(PAYLOAD_DELIMITER), convall=True))
-            else:
            retVal = retVal.replace(PAYLOAD_DELIMITER, '')

        return retVal
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -400,25 +400,25 @@ class Connect:
            logger.log(9, payload)

        if place == PLACE.COOKIE and conf.cookieUrlencode:
-            value = agent.removePayloadDelimiters(value, False)
+            value = agent.removePayloadDelimiters(value)
            value = urlEncodeCookieValues(value)
        elif place:
-            value = agent.removePayloadDelimiters(value, URL_ENCODE_PAYLOAD[place])
+            value = agent.removePayloadDelimiters(value)

        if conf.checkPayload:
            checkPayload(value)

        if PLACE.GET in conf.parameters:
-            get = urlencode(conf.parameters[PLACE.GET]) if place != PLACE.GET or not value else value
+            get = urlencode(conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value)

        if PLACE.POST in conf.parameters:
-            post = urlencode(conf.parameters[PLACE.POST]) if place != PLACE.POST or not value else value
+            post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)

        if PLACE.COOKIE in conf.parameters:
            cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value

        if PLACE.UA in conf.parameters:
-            ua = urlencode(conf.parameters[PLACE.UA]) if place != PLACE.UA or not value else value
+            ua = urlencode(conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value)

        if PLACE.URI in conf.parameters:
            uri = conf.url if place != PLACE.URI or not value else value
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -137,6 +137,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
    validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)

    if validPayload:
-        validPayload = agent.removePayloadDelimiters(validPayload, False)
+        validPayload = agent.removePayloadDelimiters(validPayload)

    return validPayload, vector