little clean up

lib/core/agent.py

@@ -28,6 +28,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import PAYLOAD_DELIMITER
+from lib.core.settings import URI_INJECTION_MARK_CHAR
 
 class Agent:
     """
@@ -76,7 +77,7 @@ class Agent:
         origValue = paramDict[parameter]
 
         if place == PLACE.URI:
-            origValue = origValue.split('*')[0]
+            origValue = origValue.split(URI_INJECTION_MARK_CHAR)[0]
             origValue = origValue[origValue.rfind('/') + 1:]
 
         if value is None:
@@ -105,7 +106,7 @@ class Agent:
 
             retValue = ET.tostring(root)
         elif place == PLACE.URI:
-            retValue = paramString.replace("%s*" % origValue, self.addPayloadDelimiters(newValue))
+            retValue = paramString.replace("%s%s" % (origValue, URI_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
         elif place == PLACE.UA:
             retValue = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:

lib/core/settings.py

@@ -241,3 +241,6 @@ MIN_RATIO = 0.0
 
 # Maximum value for comparison ratio
 MAX_RATIO = 1.0
+
+# Character used for marking injectable position inside URI
+URI_INJECTION_MARK_CHAR = '*'

lib/core/target.py

@@ -33,6 +33,7 @@ from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import URI_INJECTABLE_REGEX
+from lib.core.settings import URI_INJECTION_MARK_CHAR
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request
 
@@ -80,7 +81,7 @@ def __setRequestParams():
         conf.method = HTTPMETHOD.POST
 
     if re.search(URI_INJECTABLE_REGEX, conf.url, re.I):
-        conf.url = "%s*" % conf.url
+        conf.url = "%s%s" % (conf.url, URI_INJECTION_MARK_CHAR)
 
     if "*" in conf.url:
         conf.parameters[PLACE.URI] = conf.url