sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

adding switch --skip-urlencode to skip URL encoding of POST data

Browse Source
This commit is contained in:
Miroslav Stampar 2012-05-24 23:30:33 +00:00
parent 7657bbeaf9
commit c394610740
4 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/optiondict.py
View File

@ -48,6 +48,7 @@ optDict = {
"scope": "string", "scope": "string",
"safUrl": "string", "safUrl": "string",
"saFreq": "integer", "saFreq": "integer",
"skipUrlEncode": "boolean",
"evalCode": "string" "evalCode": "string"
}, },

4
lib/parse/cmdline.py
View File

@ -149,6 +149,10 @@ def cmdLineParser():
request.add_option("--safe-freq", dest="saFreq", type="int", request.add_option("--safe-freq", dest="saFreq", type="int",
help="Test requests between two visits to a given safe url") help="Test requests between two visits to a given safe url")
request.add_option("--skip-urlencode", dest="skipUrlEncode",
action="store_true",
help="Skip URL encoding of POST data")
request.add_option("--eval", dest="evalCode", request.add_option("--eval", dest="evalCode",
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")") help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

6
lib/request/connect.py
View File

@ -559,7 +559,7 @@ class Connect:
# addendum: as we support url encoding in tampering # addendum: as we support url encoding in tampering
# functions therefore we need to use % as a safe char # functions therefore we need to use % as a safe char
if place != PLACE.URI or (value and payload and '?' in value and value.find('?') < value.find(payload)): if place != PLACE.URI or (value and payload and '?' in value and value.find('?') < value.find(payload)):
payload = urlencode(payload, '%', False, True) payload = urlencode(payload, '%', False, True) if not place == PLACE.POST and conf.skipUrlEncode else payload
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)
elif place == PLACE.SOAP: elif place == PLACE.SOAP:
@ -653,9 +653,9 @@ class Connect:
get += "%s%s=%s" % (delimiter, name, value) get += "%s%s=%s" % (delimiter, name, value)
get = urlencode(get, limit=True) get = urlencode(get, limit=True)
if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE): if post and place not in (PLACE.POST, PLACE.SOAP) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE) post = getattr(post, UNENCODED_ORIGINAL_VALUE)
else: elif not conf.skipUrlEncode and place not in (PLACE.SOAP,):
post = urlencode(post) post = urlencode(post)
if timeBasedCompare: if timeBasedCompare:

4
sqlmap.conf
View File

@ -138,6 +138,10 @@ safUrl =
# Default: 0 # Default: 0
saFreq = 0 saFreq = 0
# Skip URL encoding of POST data
# Valid: True or False
skipUrlEncode = False
# Evaluate provided Python code before the request. # Evaluate provided Python code before the request.
# Example: import hashlib;id2=hashlib.md5(id).hexdigest() # Example: import hashlib;id2=hashlib.md5(id).hexdigest()
evalCode = evalCode =