From c19d481bb1a1e46b6fd792a300535c83f3fa1f22 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 4 Feb 2011 12:25:14 +0000
Subject: [PATCH] little clean up

---
 lib/core/agent.py    | 5 +++--
 lib/core/settings.py | 3 +++
 lib/core/target.py   | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 5afcd61ec..67eb99abc 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -28,6 +28,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import PAYLOAD_DELIMITER
+from lib.core.settings import URI_INJECTION_MARK_CHAR
 
 class Agent:
     """
@@ -76,7 +77,7 @@ class Agent:
         origValue = paramDict[parameter]
 
         if place == PLACE.URI:
-            origValue = origValue.split('*')[0]
+            origValue = origValue.split(URI_INJECTION_MARK_CHAR)[0]
             origValue = origValue[origValue.rfind('/') + 1:]
 
         if value is None:
@@ -105,7 +106,7 @@ class Agent:
 
             retValue = ET.tostring(root)
         elif place == PLACE.URI:
-            retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue))
+            retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
         elif place == PLACE.UA:
             retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 809091a11..d14fc4f83 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -241,3 +241,6 @@ MIN_RATIO = 0.0
 
 # Maximum value for comparison ratio
 MAX_RATIO = 1.0
+
+# Character used for marking injectable position inside URI
+URI_INJECTION_MARK_CHAR = '*'
diff --git a/lib/core/target.py b/lib/core/target.py
index fde2fb79b..8600e2937 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -33,6 +33,7 @@ from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import URI_INJECTABLE_REGEX
+from lib.core.settings import URI_INJECTION_MARK_CHAR
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request
 
@@ -80,7 +81,7 @@ def __setRequestParams():
         conf.method = HTTPMETHOD.POST
 
     if re.search(URI_INJECTABLE_REGEX, conf.url, re.I):
-        conf.url = "%s*" % conf.url
+        conf.url = "%s%s" % (conf.url, URI_INJECTION_MARK_CHAR)
 
     if "*" in conf.url:
         conf.parameters[PLACE.URI] = conf.url