sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for user-agent injections

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-23 23:23:30 +00:00
parent 818c9787b2
commit c1145c244e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/agent.py
View File

@ -104,8 +104,10 @@ class Agent:
child.text = self.addPayloadDelimiters(newValue) child.text = self.addPayloadDelimiters(newValue)
retValue = ET.tostring(root) retValue = ET.tostring(root)
elif place in (PLACE.UA, PLACE.URI): elif place == PLACE.URI:
retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue)) retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue))
elif place == PLACE.UA:
retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
else: else:
retValue = paramString.replace("%s=%s" % (parameter, origValue), retValue = paramString.replace("%s=%s" % (parameter, origValue),
"%s=%s" % (parameter, self.addPayloadDelimiters(newValue))) "%s=%s" % (parameter, self.addPayloadDelimiters(newValue)))