From 963f54e6d27e92823d0aa85e8a524c04eb14f6e4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 21 Jul 2011 10:06:52 +0000 Subject: [PATCH] minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job) --- lib/core/common.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index b834c11d7..2c2a04c3f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -554,7 +554,7 @@ def paramToDict(place, parameters=None): for element in splitParams: elem = element.split("=") - if len(elem) == 2: + if len(elem) >= 2: parameter = elem[0].replace(" ", "") condition = not conf.testParameter @@ -569,7 +569,7 @@ def paramToDict(place, parameters=None): errMsg += "please, always use only valid parameter values " errMsg += "so sqlmap could be able to do a valid run." raise sqlmapSyntaxException, errMsg - testableParameters[parameter] = elem[1] + testableParameters[parameter] = "=".join(elem[1:]) else: root = ET.XML(parameters) iterator = root.getiterator()