mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-11 08:42:36 +03:00
Fixes #3656
This commit is contained in:
parent
36cb4faf4d
commit
aaa83a31d4
|
@ -36,6 +36,7 @@ from lib.core.common import popValue
|
||||||
from lib.core.common import pushValue
|
from lib.core.common import pushValue
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
|
from lib.core.common import removePostHintPrefix
|
||||||
from lib.core.common import safeCSValue
|
from lib.core.common import safeCSValue
|
||||||
from lib.core.common import showHttpErrorCodes
|
from lib.core.common import showHttpErrorCodes
|
||||||
from lib.core.common import urlencode
|
from lib.core.common import urlencode
|
||||||
|
@ -497,7 +498,7 @@ def start():
|
||||||
infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif parameter in conf.testParameter:
|
elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
elif parameter in conf.rParam:
|
elif parameter in conf.rParam:
|
||||||
|
|
|
@ -82,8 +82,9 @@ from lib.core.enums import LOGGING_LEVELS
|
||||||
from lib.core.enums import MKSTEMP_PREFIX
|
from lib.core.enums import MKSTEMP_PREFIX
|
||||||
from lib.core.enums import OPTION_TYPE
|
from lib.core.enums import OPTION_TYPE
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
from lib.core.enums import PLACE
|
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
|
from lib.core.enums import PLACE
|
||||||
|
from lib.core.enums import POST_HINT
|
||||||
from lib.core.enums import REFLECTIVE_COUNTER
|
from lib.core.enums import REFLECTIVE_COUNTER
|
||||||
from lib.core.enums import SORT_ORDER
|
from lib.core.enums import SORT_ORDER
|
||||||
from lib.core.exception import SqlmapBaseException
|
from lib.core.exception import SqlmapBaseException
|
||||||
|
@ -5071,6 +5072,18 @@ def firstNotNone(*args):
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
def removePostHintPrefix(value):
|
||||||
|
"""
|
||||||
|
Remove POST hint prefix from a given value (name)
|
||||||
|
|
||||||
|
>>> removePostHintPrefix("JSON id")
|
||||||
|
'id'
|
||||||
|
>>> removePostHintPrefix("id")
|
||||||
|
'id'
|
||||||
|
"""
|
||||||
|
|
||||||
|
return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)
|
||||||
|
|
||||||
def chunkSplitPostData(data):
|
def chunkSplitPostData(data):
|
||||||
"""
|
"""
|
||||||
Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
|
Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
|
||||||
|
|
|
@ -1585,8 +1585,7 @@ def _cleanupOptions():
|
||||||
|
|
||||||
if conf.testParameter:
|
if conf.testParameter:
|
||||||
conf.testParameter = urldecode(conf.testParameter)
|
conf.testParameter = urldecode(conf.testParameter)
|
||||||
conf.testParameter = conf.testParameter.replace(" ", "")
|
conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]
|
||||||
conf.testParameter = re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)
|
|
||||||
else:
|
else:
|
||||||
conf.testParameter = []
|
conf.testParameter = []
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty import six
|
from thirdparty import six
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.5.87"
|
VERSION = "1.3.5.88"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -23,6 +23,7 @@ from lib.core.common import openFile
|
||||||
from lib.core.common import paramToDict
|
from lib.core.common import paramToDict
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
|
from lib.core.common import removePostHintPrefix
|
||||||
from lib.core.common import resetCookieJar
|
from lib.core.common import resetCookieJar
|
||||||
from lib.core.common import urldecode
|
from lib.core.common import urldecode
|
||||||
from lib.core.compat import xrange
|
from lib.core.compat import xrange
|
||||||
|
@ -110,7 +111,7 @@ def _setRequestParams():
|
||||||
def process(match, repl):
|
def process(match, repl):
|
||||||
retVal = match.group(0)
|
retVal = match.group(0)
|
||||||
|
|
||||||
if not (conf.testParameter and match.group("name") not in conf.testParameter):
|
if not (conf.testParameter and match.group("name") not in [removePostHintPrefix(_) for _ in conf.testParameter]):
|
||||||
retVal = repl
|
retVal = repl
|
||||||
while True:
|
while True:
|
||||||
_ = re.search(r"\\g<([^>]+)>", retVal)
|
_ = re.search(r"\\g<([^>]+)>", retVal)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user