mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 11:33:47 +03:00
Minor fix for --eval (urldecoded values should be used inside evaluation)
parent
b6f7da6832
commit
c34f6e25b2
|
@ -2025,7 +2025,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
|
||||||
pass
|
pass
|
||||||
finally:
|
finally:
|
||||||
if convall:
|
if convall:
|
||||||
result = urllib.unquote_plus(value)
|
result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value)
|
||||||
else:
|
else:
|
||||||
def _(match):
|
def _(match):
|
||||||
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)
|
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)
|
||||||
|
|
|
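Review bot: The `plusspace` switch in `urllib.unquote_plus(value) if plusspace else urllib.unquote(value)` has no comment saying when `+` must stay literal, and the signature in the hunk header is cut off before that parameter, so its default cannot be checked from here. A line above the conditional such as `# '+' stands for a space only in form-encoded data; otherwise keep it literal` would make the intent clear. Whether the `else:` branch that follows also honours `plusspace` is outside the hunk and worth confirming. `urldecode` starts and ends outside the hunk.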
@ -36,6 +36,7 @@ from lib.core.common import singleTimeWarnMessage
|
||||||
from lib.core.common import stdev
|
from lib.core.common import stdev
|
||||||
from lib.core.common import wasLastResponseDelayed
|
from lib.core.common import wasLastResponseDelayed
|
||||||
from lib.core.common import unicodeencode
|
from lib.core.common import unicodeencode
|
||||||
|
from lib.core.common import urldecode
|
||||||
from lib.core.common import urlencode
|
from lib.core.common import urlencode
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
|
@ -716,6 +717,7 @@ class Connect(object):
|
||||||
for part in item.split(delimiter):
|
for part in item.split(delimiter):
|
||||||
if '=' in part:
|
if '=' in part:
|
||||||
name, value = part.split('=', 1)
|
name, value = part.split('=', 1)
|
||||||
|
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
|
||||||
evaluateCode("%s=%s" % (name, repr(value)), variables)
|
evaluateCode("%s=%s" % (name, repr(value)), variables)
|
||||||
|
|
||||||
originals.update(variables)
|
originals.update(variables)
|
||||||
|
|
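Review bot: The parameter name still reaches the evaluated source text unchecked in `evaluateCode("%s=%s" % (name, repr(value)), variables)`: the value is now decoded and wrapped in `repr()`, but `name` is neither URL-decoded nor tested for being a plain Python identifier. A parameter named like `user[id]` or `a-b` would then raise, or be executed as something other than a simple assignment, instead of binding a variable. A guard before the call, for example `if re.match(r"\A[A-Za-z_]\w*\Z", name):` (assuming `re` is imported in this module, which the hunk does not show), would skip such names. Writing the comparison as `item == post` would also match PEP 8 spacing. The enclosing method of `Connect` starts and ends outside the hunk.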