mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
This commit is contained in:
parent
49aeb41be8
commit
8e74c571bc
|
@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Feed with test details every time a test is successful
|
||||
injection.data[stype] = advancedDict()
|
||||
injection.data[stype].title = title
|
||||
injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload, False)
|
||||
injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)
|
||||
injection.data[stype].where = where
|
||||
injection.data[stype].vector = vector
|
||||
injection.data[stype].comment = comment
|
||||
|
|
|
@ -716,20 +716,14 @@ class Agent:
|
|||
|
||||
return retVal
|
||||
|
||||
def removePayloadDelimiters(self, inpStr, urlencode_=True):
|
||||
def removePayloadDelimiters(self, inpStr):
|
||||
"""
|
||||
Removes payload delimiters from inside the input string
|
||||
"""
|
||||
retVal = inpStr
|
||||
|
||||
if inpStr:
|
||||
if urlencode_:
|
||||
regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
|
||||
|
||||
for match in regObj.finditer(inpStr):
|
||||
retVal = retVal.replace(match.group("result"), urlencode(match.group("result").strip(PAYLOAD_DELIMITER), convall=True))
|
||||
else:
|
||||
retVal = retVal.replace(PAYLOAD_DELIMITER, '')
|
||||
retVal = retVal.replace(PAYLOAD_DELIMITER, '')
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
|
@ -400,25 +400,25 @@ class Connect:
|
|||
logger.log(9, payload)
|
||||
|
||||
if place == PLACE.COOKIE and conf.cookieUrlencode:
|
||||
value = agent.removePayloadDelimiters(value, False)
|
||||
value = agent.removePayloadDelimiters(value)
|
||||
value = urlEncodeCookieValues(value)
|
||||
elif place:
|
||||
value = agent.removePayloadDelimiters(value, URL_ENCODE_PAYLOAD[place])
|
||||
value = agent.removePayloadDelimiters(value)
|
||||
|
||||
if conf.checkPayload:
|
||||
checkPayload(value)
|
||||
|
||||
if PLACE.GET in conf.parameters:
|
||||
get = urlencode(conf.parameters[PLACE.GET]) if place != PLACE.GET or not value else value
|
||||
get = urlencode(conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value)
|
||||
|
||||
if PLACE.POST in conf.parameters:
|
||||
post = urlencode(conf.parameters[PLACE.POST]) if place != PLACE.POST or not value else value
|
||||
post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
|
||||
|
||||
if PLACE.COOKIE in conf.parameters:
|
||||
cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
|
||||
|
||||
if PLACE.UA in conf.parameters:
|
||||
ua = urlencode(conf.parameters[PLACE.UA]) if place != PLACE.UA or not value else value
|
||||
ua = urlencode(conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value)
|
||||
|
||||
if PLACE.URI in conf.parameters:
|
||||
uri = conf.url if place != PLACE.URI or not value else value
|
||||
|
|
|
@ -137,6 +137,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
|
|||
validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
|
||||
|
||||
if validPayload:
|
||||
validPayload = agent.removePayloadDelimiters(validPayload, False)
|
||||
validPayload = agent.removePayloadDelimiters(validPayload)
|
||||
|
||||
return validPayload, vector
|
||||
|
|
Loading…
Reference in New Issue
Block a user