mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Fix for an Issue #248
This commit is contained in:
parent
9a54a911a8
commit
d37be5f97b
|
@ -28,6 +28,7 @@ from lib.core.enums import PAYLOAD
|
||||||
from lib.core.enums import PLACE
|
from lib.core.enums import PLACE
|
||||||
from lib.core.enums import POST_HINT
|
from lib.core.enums import POST_HINT
|
||||||
from lib.core.exception import sqlmapNoneDataException
|
from lib.core.exception import sqlmapNoneDataException
|
||||||
|
from lib.core.settings import ASTERISK_MARKER
|
||||||
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
|
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
|
||||||
from lib.core.settings import GENERIC_SQL_COMMENT
|
from lib.core.settings import GENERIC_SQL_COMMENT
|
||||||
from lib.core.settings import PAYLOAD_DELIMITER
|
from lib.core.settings import PAYLOAD_DELIMITER
|
||||||
|
@ -116,7 +117,9 @@ class Agent:
|
||||||
_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
|
_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
|
||||||
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
|
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
|
||||||
newValue = '"%s"' % newValue
|
newValue = '"%s"' % newValue
|
||||||
retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "")
|
newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
|
||||||
|
retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
|
||||||
|
retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(ASTERISK_MARKER, CUSTOM_INJECTION_MARK_CHAR)
|
||||||
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
|
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
|
||||||
retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
|
retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -36,10 +36,9 @@ UPPER_RATIO_BOUND = 0.98
|
||||||
# Markers for special cases when parameter values contain html encoded characters
|
# Markers for special cases when parameter values contain html encoded characters
|
||||||
PARAMETER_AMP_MARKER = "__AMP__"
|
PARAMETER_AMP_MARKER = "__AMP__"
|
||||||
PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
|
PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
|
||||||
|
|
||||||
PARTIAL_VALUE_MARKER = "__PARTIAL__"
|
PARTIAL_VALUE_MARKER = "__PARTIAL__"
|
||||||
|
|
||||||
URI_QUESTION_MARKER = "__QUESTION_MARK__"
|
URI_QUESTION_MARKER = "__QUESTION_MARK__"
|
||||||
|
ASTERISK_MARKER = "__ASTERISK_MARK__"
|
||||||
|
|
||||||
PAYLOAD_DELIMITER = "\x00"
|
PAYLOAD_DELIMITER = "\x00"
|
||||||
CHAR_INFERENCE_MARK = "%c"
|
CHAR_INFERENCE_MARK = "%c"
|
||||||
|
|
Loading…
Reference in New Issue
Block a user