Fixes #3656

2025-07-11 08:42:36 +03:00 · 2019-05-14 13:58:42 +02:00 · 2019-05-14 13:58:42 +02:00 · aaa83a31d4
commit aaa83a31d4
parent 36cb4faf4d
5 changed files with 20 additions and 6 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -36,6 +36,7 @@ from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import removePostHintPrefix
 from lib.core.common import safeCSValue
 from lib.core.common import showHttpErrorCodes
 from lib.core.common import urlencode
@ -497,7 +498,7 @@ def start():
                            infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
-                        elif parameter in conf.testParameter:
+                        elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
                            pass
                        elif parameter in conf.rParam:
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -82,8 +82,9 @@ from lib.core.enums import LOGGING_LEVELS
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import OPTION_TYPE
 from lib.core.enums import OS
 from lib.core.enums import PLACE
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.enums import SORT_ORDER
 from lib.core.exception import SqlmapBaseException
@ -5071,6 +5072,18 @@ def firstNotNone(*args):
    return retVal
 def removePostHintPrefix(value):
    """
    Remove POST hint prefix from a given value (name)
    >>> removePostHintPrefix("JSON id")
    'id'
    >>> removePostHintPrefix("id")
    'id'
    """
    return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)
 def chunkSplitPostData(data):
    """
    Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1585,8 +1585,7 @@ def _cleanupOptions():
    if conf.testParameter:
        conf.testParameter = urldecode(conf.testParameter)
-        conf.testParameter = conf.testParameter.replace(" ", "")
+        conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]
        conf.testParameter = re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)
    else:
        conf.testParameter = []
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.87"
+VERSION = "1.3.5.88"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -23,6 +23,7 @@ from lib.core.common import openFile
 from lib.core.common import paramToDict
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import removePostHintPrefix
 from lib.core.common import resetCookieJar
 from lib.core.common import urldecode
 from lib.core.compat import xrange
@ -110,7 +111,7 @@ def _setRequestParams():
        def process(match, repl):
            retVal = match.group(0)
-            if not (conf.testParameter and match.group("name") not in conf.testParameter):
+            if not (conf.testParameter and match.group("name") not in [removePostHintPrefix(_) for _ in conf.testParameter]):
                retVal = repl
                while True:
                    _ = re.search(r"\\g<([^>]+)>", retVal)