	one important fix (URI injection parameter '*' now can go anywhere)
		
							parent
							
								
									c19d481bb1
								
							
						
					
					
						commit
						accf4e6ce0
					
				|  | @ -85,6 +85,8 @@ from lib.core.settings import TIME_STDEV_COEFF | ||||||
| from lib.core.settings import DYNAMICITY_MARK_LENGTH | from lib.core.settings import DYNAMICITY_MARK_LENGTH | ||||||
| from lib.core.settings import SENSITIVE_DATA_REGEX | from lib.core.settings import SENSITIVE_DATA_REGEX | ||||||
| from lib.core.settings import UNKNOWN_DBMS_VERSION | from lib.core.settings import UNKNOWN_DBMS_VERSION | ||||||
|  | from lib.core.settings import URI_INJECTION_MARK_CHAR | ||||||
|  | from lib.core.settings import URI_QUESTION_MARKER | ||||||
| from lib.core.threads import getCurrentThreadData | from lib.core.threads import getCurrentThreadData | ||||||
| 
 | 
 | ||||||
| class UnicodeRawConfigParser(RawConfigParser): | class UnicodeRawConfigParser(RawConfigParser): | ||||||
|  | @ -950,7 +952,6 @@ def parseTargetUrl(): | ||||||
|     """ |     """ | ||||||
|     Parse target url and set some attributes into the configuration singleton. |     Parse target url and set some attributes into the configuration singleton. | ||||||
|     """ |     """ | ||||||
| 
 |  | ||||||
|     if not conf.url: |     if not conf.url: | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|  | @ -960,6 +961,9 @@ def parseTargetUrl(): | ||||||
|         else: |         else: | ||||||
|             conf.url = "http://" + conf.url |             conf.url = "http://" + conf.url | ||||||
| 
 | 
 | ||||||
|  |     if URI_INJECTION_MARK_CHAR in conf.url: | ||||||
|  |         conf.url = conf.url.replace('?', URI_QUESTION_MARKER) | ||||||
|  | 
 | ||||||
|     __urlSplit = urlparse.urlsplit(conf.url) |     __urlSplit = urlparse.urlsplit(conf.url) | ||||||
|     __hostnamePort = __urlSplit[1].split(":") |     __hostnamePort = __urlSplit[1].split(":") | ||||||
| 
 | 
 | ||||||
|  | @ -986,6 +990,7 @@ def parseTargetUrl(): | ||||||
|         conf.parameters[PLACE.GET] = urldecode(__urlSplit[3]) |         conf.parameters[PLACE.GET] = urldecode(__urlSplit[3]) | ||||||
| 
 | 
 | ||||||
|     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path) |     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path) | ||||||
|  |     conf.url = conf.url.replace(URI_QUESTION_MARKER, '?') | ||||||
| 
 | 
 | ||||||
| def expandAsteriskForColumns(expression): | def expandAsteriskForColumns(expression): | ||||||
|     # If the user provided an asterisk rather than the column(s) |     # If the user provided an asterisk rather than the column(s) | ||||||
|  |  | ||||||
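Review bot: The restore added at the end of parseTargetUrl only rewrites `conf.url`, but the format string on the line above shows the marker reaches that URL through `conf.path`, so `conf.path` itself still holds `__QUESTION_MARK__` afterwards unless it is restored elsewhere. The assignment of `conf.path` lies outside the visible hunks, so this is inferred. If later users of `conf.path` expect a real `?`, add `conf.path = conf.path.replace(URI_QUESTION_MARKER, '?')` before the URL is rebuilt. The new `if` also hides every `?` whenever `*` appears anywhere in the URL, so the query string presumably no longer reaches `conf.parameters[PLACE.GET]` in that case. A comment above the `if`, such as `# hide '?' from urlsplit so a URI carrying the injection mark stays in one piece`, would make that intent explicit.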
|  | @ -52,6 +52,8 @@ DUMP_TAB_MARKER     = "__TAB__" | ||||||
| DUMP_START_MARKER   = "__START__" | DUMP_START_MARKER   = "__START__" | ||||||
| DUMP_STOP_MARKER    = "__STOP__" | DUMP_STOP_MARKER    = "__STOP__" | ||||||
| 
 | 
 | ||||||
|  | URI_QUESTION_MARKER = "__QUESTION_MARK__" | ||||||
|  | 
 | ||||||
| PAYLOAD_DELIMITER   = "\x00" | PAYLOAD_DELIMITER   = "\x00" | ||||||
| CHAR_INFERENCE_MARK = "%c" | CHAR_INFERENCE_MARK = "%c" | ||||||
| NON_CONTROL_CHAR_REGEX = r'[^\x00-\x1f]' | NON_CONTROL_CHAR_REGEX = r'[^\x00-\x1f]' | ||||||
|  |  | ||||||
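Review bot: `URI_QUESTION_MARKER` is a printable string that is valid inside a URL, so a target URL already containing the literal text `__QUESTION_MARK__` would have it rewritten to `?` when the marker is restored. The risk is small and the value follows the neighbouring `__START__`/`__STOP__` convention. A one-line comment such as `# placeholder for '?' while a URL carrying the URI injection mark is split` would still record why the constant exists and that it must not occur in real input.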