sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor fix for --eval (urldecoded values should be used inside evaluation)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-02-12 17:01:47 +01:00
parent b6f7da6832
commit c34f6e25b2
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@ -2025,7 +2025,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
pass pass
finally: finally:
if convall: if convall:
result = urllib.unquote_plus(value) result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value)
else: else:
def _(match): def _(match):
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable) charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)

2
lib/request/connect.py
View File

@ -36,6 +36,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.common import stdev from lib.core.common import stdev
from lib.core.common import wasLastResponseDelayed from lib.core.common import wasLastResponseDelayed
from lib.core.common import unicodeencode from lib.core.common import unicodeencode
from lib.core.common import urldecode
from lib.core.common import urlencode from lib.core.common import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -716,6 +717,7 @@ class Connect(object):
for part in item.split(delimiter): for part in item.split(delimiter):
if '=' in part: if '=' in part:
name, value = part.split('=', 1) name, value = part.split('=', 1)
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
evaluateCode("%s=%s" % (name, repr(value)), variables) evaluateCode("%s=%s" % (name, repr(value)), variables)
originals.update(variables) originals.update(variables)