mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	Minor update for an Issue #49
		
							parent
							
								
									84b05e2d18
								
							
						
					
					
						commit
						d464678e10
					
				|  | @ -13,6 +13,7 @@ from lib.core.common import Backend | |||
| from lib.core.common import extractRegexResult | ||||
| from lib.core.common import getSQLSnippet | ||||
| from lib.core.common import isDBMSVersionAtLeast | ||||
| from lib.core.common import isNumber | ||||
| from lib.core.common import isTechniqueAvailable | ||||
| from lib.core.common import randomInt | ||||
| from lib.core.common import randomStr | ||||
|  | @ -113,7 +114,7 @@ class Agent: | |||
| 
 | ||||
|         if place in (PLACE.URI, PLACE.CUSTOM_POST): | ||||
|             _ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR) | ||||
|             if kb.postHint == POST_HINT.JSON and not newValue.isdigit() and not '"%s"' % _ in paramString: | ||||
|             if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString: | ||||
|                 newValue = '"%s"' % newValue | ||||
|             retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "") | ||||
|         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST): | ||||
|  |  | |||
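Review bot: The quoting decision on the `isNumber(newValue)` line now follows `float()` semantics, which is wider than JSON's number grammar. Strings such as `nan`, `inf`, `1e5` or digits padded with whitespace count as numbers and are written into the body without quotes. `NaN` and `Infinity` are not valid JSON, so the server's parser may reject such a body before the parameter is evaluated, which would make the test result for that parameter misleading. A check that mirrors the JSON number marking pattern used elsewhere in this commit would keep the two in step, for example `re.match(r"\A-?\d[\d\.]*\Z", newValue)` (assuming `re` is available in this module). The enclosing method starts and ends outside the hunk.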
|  | @ -3237,3 +3237,15 @@ def getRequestHeader(request, name): | |||
|     if request and name: | ||||
|         retVal = max(request.get_header(_) if name.upper() == _.upper() else None for _ in request.headers.keys()) | ||||
|     return retVal | ||||
| 
 | ||||
| def isNumber(value): | ||||
|     """ | ||||
|     Returns True if the given value is a number-like object | ||||
|     """ | ||||
| 
 | ||||
|     try: | ||||
|         _ = float(value) | ||||
|     except: | ||||
|         return False | ||||
|     else: | ||||
|         return True | ||||
|  |  | |||
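Review bot: The bare `except:` in `isNumber` also catches `KeyboardInterrupt` and `SystemExit`, so an interrupt arriving during the call is turned into `return False`. For the inputs this helper is given, `float()` fails with `ValueError` or `TypeError` (and `OverflowError` for very large integers), so `except (TypeError, ValueError, OverflowError):` is sufficient. The `_ =` binding is unused and the line can be just `float(value)`. The docstring should state that acceptance is whatever `float()` accepts, for example `Returns True if float(value) succeeds (this includes 'nan', 'inf' and exponent forms)`.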
|  | @ -94,7 +94,7 @@ def __setRequestParams(): | |||
|                 raise sqlmapUserQuitException | ||||
|             elif test[0] not in ("n", "N"): | ||||
|                 conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data) | ||||
|                 conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?[\d\.]+\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data) | ||||
|                 conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data) | ||||
|                 kb.processUserMarks = True | ||||
|                 kb.postHint = POST_HINT.JSON | ||||
| 
 | ||||
|  |  | |||
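Review bot: The new number pattern `-?\d[\d\.]*\b` does not match exponent forms such as `1e5`, because there is no word boundary between `1` and `e`. Such a value is skipped without any message and the parameter is never marked for testing. Extending the value group to `(-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?\b)` would follow the JSON number grammar. Numbers inside arrays and the literals `true`, `false` and `null` are not marked either; if that is intended, a short comment above the two `re.sub` calls saying which JSON value kinds are covered would help. The enclosing function continues outside the hunk.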
|  | @ -695,7 +695,7 @@ class Connect: | |||
| 
 | ||||
|             if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): | ||||
|                 post = getattr(post, UNENCODED_ORIGINAL_VALUE) | ||||
|             elif not skipUrlEncode and kb.postHint not in (POST_HINT.JSON, POST_HINT.SOAP): | ||||
|             elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys(): | ||||
|                 post = urlencode(post) | ||||
| 
 | ||||
|         if timeBasedCompare: | ||||
|  |  | |||
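Review bot: The `.keys()` call in `kb.postHint not in POST_HINT_CONTENT_TYPES.keys()` is unnecessary, and on Python 2 it builds a list on every request; `kb.postHint not in POST_HINT_CONTENT_TYPES` tests the same membership directly. The condition also ties URL-encoding of the POST body to a table that, judging by its name, maps hints to content types, so any hint added there later stops being URL-encoded as a side effect. A comment such as `# bodies in a recognised structured format (any key of POST_HINT_CONTENT_TYPES) are sent as-is` would make that coupling explicit. No import of `POST_HINT_CONTENT_TYPES` is visible in this section, so it is presumably already imported in this module, which is worth confirming. The enclosing method starts and ends outside the hunk.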