mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Patch for an Issue #360
This commit is contained in:
parent
11e27f07e0
commit
bb6b89fe93
|
@ -1959,7 +1959,7 @@ def findMultipartPostBoundary(post):
|
|||
|
||||
return retVal
|
||||
|
||||
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False):
|
||||
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True):
|
||||
result = value
|
||||
|
||||
if value:
|
||||
|
@ -1977,6 +1977,8 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
|
|||
char = chr(ord(match.group(1).decode("hex")))
|
||||
return char if char in charset else match.group(0)
|
||||
result = re.sub("%([0-9a-fA-F]{2})", _, value)
|
||||
|
||||
if plusspace:
|
||||
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
|
||||
|
||||
if isinstance(result, str):
|
||||
|
@ -1984,7 +1986,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
|
|||
|
||||
return result
|
||||
|
||||
def urlencode(value, safe="%&=", convall=False, limit=False):
|
||||
def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
|
||||
if conf.direct:
|
||||
return value
|
||||
|
||||
|
@ -2016,6 +2018,9 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
|
|||
else:
|
||||
break
|
||||
|
||||
if spaceplus:
|
||||
result = result.replace(urllib.quote(' '), '+')
|
||||
|
||||
return result
|
||||
|
||||
def runningAsAdmin():
|
||||
|
@ -2996,7 +3001,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
|||
url = urldecode(request.get_full_url(), kb.pageEncoding)
|
||||
method = request.get_method()
|
||||
data = request.get_data() if request.has_data() else None
|
||||
data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
|
||||
data = urldecode(data, kb.pageEncoding, plusspace=False)
|
||||
|
||||
if not data and method and method.upper() == HTTPMETHOD.POST:
|
||||
debugMsg = "invalid POST form with blank data detected"
|
||||
|
|
|
@ -328,7 +328,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
|
|||
|
||||
if not(conf.scope and not re.search(conf.scope, url, re.I)):
|
||||
if not kb.targets or url not in addedTargetUrls:
|
||||
kb.targets.add((url, method, urldecode(data) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data, cookie))
|
||||
kb.targets.add((url, method, data, cookie))
|
||||
addedTargetUrls.add(url)
|
||||
|
||||
fp = openFile(reqFile, "rb")
|
||||
|
@ -1361,15 +1361,6 @@ def _cleanupOptions():
|
|||
if conf.data:
|
||||
conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)
|
||||
|
||||
if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
|
||||
class _(unicode):
|
||||
pass
|
||||
original = conf.data
|
||||
conf.data = _(urldecode(conf.data))
|
||||
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
||||
else:
|
||||
conf.data = urldecode(conf.data)
|
||||
|
||||
if conf.url:
|
||||
conf.url = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I)
|
||||
|
||||
|
@ -1591,6 +1582,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.safeCharEncode = False
|
||||
kb.singleLogFlags = set()
|
||||
kb.skipOthersDbms = None
|
||||
kb.postSpaceToPlus = False
|
||||
kb.stickyDBMS = False
|
||||
kb.stickyLevel = None
|
||||
kb.suppressResumeInfo = False
|
||||
|
|
|
@ -47,6 +47,7 @@ from lib.core.settings import REFERER_ALIASES
|
|||
from lib.core.settings import RESULTS_FILE_FORMAT
|
||||
from lib.core.settings import SOAP_RECOGNITION_REGEX
|
||||
from lib.core.settings import SUPPORTED_DBMS
|
||||
from lib.core.settings import UNENCODED_ORIGINAL_VALUE
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.core.settings import UNKNOWN_DBMS_VERSION
|
||||
from lib.core.settings import URI_INJECTABLE_REGEX
|
||||
|
@ -504,6 +505,18 @@ def initTargetEnv():
|
|||
_restoreCmdLineOptions()
|
||||
_setDBMS()
|
||||
|
||||
if conf.data:
|
||||
kb.postSpaceToPlus = '+' in conf.data
|
||||
|
||||
if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
|
||||
class _(unicode):
|
||||
pass
|
||||
original = conf.data
|
||||
conf.data = _(urldecode(conf.data))
|
||||
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
||||
else:
|
||||
conf.data = urldecode(conf.data)
|
||||
|
||||
def setupTargetEnv():
|
||||
_createTargetDirs()
|
||||
_setRequestParams()
|
||||
|
|
|
@ -745,7 +745,7 @@ class Connect(object):
|
|||
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
|
||||
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
|
||||
elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys():
|
||||
post = urlencode(post)
|
||||
post = urlencode(post, spaceplus=kb.postSpaceToPlus)
|
||||
|
||||
if timeBasedCompare:
|
||||
if len(kb.responseTimes) < MIN_TIME_RESPONSES:
|
||||
|
|
Loading…
Reference in New Issue
Block a user