sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-23 15:54:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor patch (it would go boom if special character was inside the --param-del)

Browse Source
This commit is contained in:
Miroslav Stampar 2014-04-06 17:02:32 +02:00
parent 053b0fd0e9
commit cf250a0381
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -277,7 +277,7 @@ def start():
testSqlInj = False
if PLACE.GET in conf.parameters and not any([conf.data, conf.testParameter]):
for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.paramDel or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel) or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel) or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
if paramKey not in kb.testedParams: