mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Minor update
parent
d1008b45b5
commit
bcc907ce09
|
@ -99,6 +99,7 @@ from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT
|
||||||
from lib.core.settings import ISSUES_PAGE
|
from lib.core.settings import ISSUES_PAGE
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
from lib.core.settings import LARGE_OUTPUT_THRESHOLD
|
from lib.core.settings import LARGE_OUTPUT_THRESHOLD
|
||||||
|
from lib.core.settings import MIN_ENCODED_LEN_CHECK
|
||||||
from lib.core.settings import MIN_TIME_RESPONSES
|
from lib.core.settings import MIN_TIME_RESPONSES
|
||||||
from lib.core.settings import ML
|
from lib.core.settings import ML
|
||||||
from lib.core.settings import NULL
|
from lib.core.settings import NULL
|
||||||
|
@ -570,7 +571,7 @@ def paramToDict(place, parameters=None):
|
||||||
for encoding in ("hex", "base64"):
|
for encoding in ("hex", "base64"):
|
||||||
try:
|
try:
|
||||||
decoded = value.decode(encoding)
|
decoded = value.decode(encoding)
|
||||||
if all(_ in string.printable for _ in decoded):
|
if len(decoded) > MIN_ENCODED_LEN_CHECK and all(_ in string.printable for _ in decoded):
|
||||||
warnMsg = "provided parameter '%s' " % parameter
|
warnMsg = "provided parameter '%s' " % parameter
|
||||||
warnMsg += "seems to be '%s' encoded" % encoding
|
warnMsg += "seems to be '%s' encoded" % encoding
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
|
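Review bot: The new guard `if len(decoded) > MIN_ENCODED_LEN_CHECK and all(...)` uses a strict comparison, so with the constant set to 5 a decoded value of exactly five characters no longer produces the "seems to be ... encoded" warning, even though the constant's name reads as a minimum. If five is meant to be the smallest length that is still checked, the condition should be `len(decoded) >= MIN_ENCODED_LEN_CHECK`. If the exclusion is intended, a comment such as `# skip short values: they decode to printable text by chance too often` above the condition would record that. paramToDict starts and ends outside the hunk, so whether anything later in the function relies on this warning cannot be seen from here.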
@ -506,6 +506,9 @@ MIN_BINARY_DISK_DUMP_SIZE = 100
|
||||||
# Regular expression used for extracting form tags
|
# Regular expression used for extracting form tags
|
||||||
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
|
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
|
||||||
|
|
||||||
|
# Minimum field entry length needed for encoded content (hex, base64,...) check
|
||||||
|
MIN_ENCODED_LEN_CHECK = 5
|
||||||
|
|
||||||
# CSS style used in HTML dump format
|
# CSS style used in HTML dump format
|
||||||
HTML_DUMP_CSS_STYLE = """<style>
|
HTML_DUMP_CSS_STYLE = """<style>
|
||||||
table{
|
table{
|
||||||
|
|
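Review bot: The comment added above `MIN_ENCODED_LEN_CHECK` speaks of a "field entry length", but the only use visible on this page, in paramToDict, compares the constant against `len(decoded)`, that is, the value after hex or base64 decoding. The two readings differ, since a raw hex value is twice as long as what it decodes to. I would word the comment after what the code measures: `# Minimum length of the decoded value required for the encoded content (hex, base64,...) check`.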