Fix for an Issue #190

Miroslav Stampar 2012-09-22 20:59:40 +02:00
parent a6eeebfca8
commit d175decdfc
5 changed files with 7 additions and 44 deletions


@ -1301,30 +1301,6 @@ def searchEnvPath(filename):
return retVal
def urlEncodeCookieValues(cookieStr):
if cookieStr:
retVal = ""
for part in cookieStr.split(';'):
index = part.find('=') + 1
if index > 0:
name = part[:index - 1].strip()
value = urlencode(part[index:], convall=True)
retVal += "; %s=%s" % (name, value)
elif part.strip().lower() != "secure":
retVal += "%s%s" % ("%3B", urlencode(part, convall=True))
else:
retVal += "; secure"
if retVal.startswith('; '):
retVal = retVal[2:]
elif retVal.startswith('%3B'):
retVal = retVal[3:]
return retVal
else:
return None
def directoryPath(filepath):
"""
Returns directory path for a given filepath


@ -25,7 +25,6 @@ optDict = {
"pDel": "string",
"cookie": "string",
"loadCookies": "string",
"cookieUrlencode": "boolean",
"dropSetCookie": "boolean",
"agent": "string",
"randomAgent": "boolean",


@ -80,10 +80,6 @@ def cmdLineParser():
request.add_option("--load-cookies", dest="loadCookies",
help="File containing cookies in Netscape/wget format")
request.add_option("--cookie-urlencode", dest="cookieUrlencode",
action="store_true",
help="URL Encode generated cookie injections")
request.add_option("--drop-set-cookie", dest="dropSetCookie",
action="store_true",
help="Ignore Set-Cookie header from response")


@ -32,7 +32,6 @@ from lib.core.common import readInput
from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeWarnMessage
from lib.core.common import stdev
from lib.core.common import urlEncodeCookieValues
from lib.core.common import wasLastRequestDelayed
from lib.core.common import unicodeencode
from lib.core.common import urlencode
@ -577,7 +576,13 @@ class Connect:
logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload))
if place in (PLACE.GET, PLACE.POST, PLACE.URI, PLACE.CUSTOM_POST):
if place == PLACE.SOAP:
# payloads in SOAP should have chars > and < replaced
# with their HTML encoded counterparts
payload = payload.replace('>', "&gt;").replace('<', "&lt;")
value = agent.replacePayload(value, payload)
else:
# payloads in GET and/or POST need to be urlencoded
# throughly without safe chars (especially & and =)
# addendum: as we support url encoding in tampering
@ -586,18 +591,9 @@ class Connect:
payload = urlencode(payload, '%', False, True) if place not in (PLACE.POST, PLACE.CUSTOM_POST) and not skipUrlEncode else payload
value = agent.replacePayload(value, payload)
elif place == PLACE.SOAP:
# payloads in SOAP should have chars > and < replaced
# with their HTML encoded counterparts
payload = payload.replace('>', "&gt;").replace('<', "&lt;")
value = agent.replacePayload(value, payload)
if place:
value = agent.removePayloadDelimiters(value)
if place == PLACE.COOKIE and conf.cookieUrlencode:
value = urlEncodeCookieValues(value)
if conf.checkPayload:
checkPayload(value)
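Review bot: The comment kept under the new `else:` in the first Connect hunk ("payloads in GET and/or POST need to be urlencoded") is stale, because that branch now receives every place other than `PLACE.SOAP`, where the old condition listed only GET, POST, URI and CUSTOM_POST. I would reword it to `# payloads in any non-SOAP place (cookies included) are urlencoded here, except POST/CUSTOM_POST or when skipUrlEncode is set`. With the `conf.cookieUrlencode` guard removed in the second hunk, cookie payloads appear to take this path unconditionally; whether other places outside the old tuple also reach it, and are meant to be encoded, cannot be seen from here and is worth confirming. The page has lost its `+`/`-` markers, so this reading rests on the hunk line counts, and the enclosing method of Connect starts and ends outside both hunks.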


@ -45,10 +45,6 @@ cookie =
# File containing cookies in Netscape/wget format
loadCookies =
# URL-encode generated cookie injections.
# Valid: True or False
cookieUrlencode = False
# Ignore Set-Cookie header from response
# Valid: True or False
dropSetCookie = False