sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-29 04:53:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

little clean up

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-04 12:25:14 +00:00
parent 27601babb4
commit c19d481bb1
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/agent.py
View File

@ -28,6 +28,7 @@ from lib.core.enums import PLACE
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapNoneDataException
from lib.core.settings import FROM_TABLE from lib.core.settings import FROM_TABLE
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import URI_INJECTION_MARK_CHAR
class Agent: class Agent:
""" """
@ -76,7 +77,7 @@ class Agent:
origValue = paramDict[parameter] origValue = paramDict[parameter]
if place == PLACE.URI: if place == PLACE.URI:
origValue = origValue.split('*')[0] origValue = origValue.split(URI_INJECTION_MARK_CHAR)[0]
origValue = origValue[origValue.rfind('/') + 1:] origValue = origValue[origValue.rfind('/') + 1:]
if value is None: if value is None:
@ -105,7 +106,7 @@ class Agent:
retValue = ET.tostring(root) retValue = ET.tostring(root)
elif place == PLACE.URI: elif place == PLACE.URI:
retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue)) retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
elif place == PLACE.UA: elif place == PLACE.UA:
retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
else: else:

3
lib/core/settings.py
View File

@ -241,3 +241,6 @@ MIN_RATIO = 0.0
# Maximum value for comparison ratio # Maximum value for comparison ratio
MAX_RATIO = 1.0 MAX_RATIO = 1.0
# Character used for marking injectable position inside URI
URI_INJECTION_MARK_CHAR = '*'

3
lib/core/target.py
View File

@ -33,6 +33,7 @@ from lib.core.option import __setKnowledgeBaseAttributes
from lib.core.session import resumeConfKb from lib.core.session import resumeConfKb
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.settings import URI_INJECTABLE_REGEX
from lib.core.settings import URI_INJECTION_MARK_CHAR
from lib.core.xmldump import dumper as xmldumper from lib.core.xmldump import dumper as xmldumper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -80,7 +81,7 @@ def __setRequestParams():
conf.method = HTTPMETHOD.POST conf.method = HTTPMETHOD.POST
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I): if re.search(URI_INJECTABLE_REGEX, conf.url, re.I):
conf.url = "%s*" % conf.url conf.url = "%s%s" % (conf.url, URI_INJECTION_MARK_CHAR)
if "*" in conf.url: if "*" in conf.url:
conf.parameters[PLACE.URI] = conf.url conf.parameters[PLACE.URI] = conf.url