Minor update for an Issue

Miroslav Stampar 2012-10-04 18:01:42 +02:00
parent 84b05e2d18
commit d464678e10
4 changed files with 16 additions and 3 deletions


@ -13,6 +13,7 @@ from lib.core.common import Backend
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getSQLSnippet from lib.core.common import getSQLSnippet
from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import isNumber
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
@ -113,7 +114,7 @@ class Agent:
if place in (PLACE.URI, PLACE.CUSTOM_POST): if place in (PLACE.URI, PLACE.CUSTOM_POST):
_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR) _ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
if kb.postHint == POST_HINT.JSON and not newValue.isdigit() and not '"%s"' % _ in paramString: if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
newValue = '"%s"' % newValue newValue = '"%s"' % newValue
retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "") retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "")
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST): elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
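Review bot: The quoting decision on the changed `if kb.postHint == POST_HINT.JSON ...` line now rests on `isNumber(newValue)`, which this commit defines as a `float()` parse, and `float()` accepts strings that are not JSON number literals, such as `nan`, `inf` or a value with surrounding whitespace. Such a value would be left unquoted, so the request body would no longer be valid JSON. A check against the JSON number grammar, something like `re.match(r"\A-?\d+(\.\d+)?([eE][+-]?\d+)?\Z", newValue)` (assuming `re` is available in this module), would keep the decision aligned with what a JSON parser accepts. The enclosing method starts and ends outside the hunk.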


@ -3237,3 +3237,15 @@ def getRequestHeader(request, name):
if request and name: if request and name:
retVal = max(request.get_header(_) if name.upper() == _.upper() else None for _ in request.headers.keys()) retVal = max(request.get_header(_) if name.upper() == _.upper() else None for _ in request.headers.keys())
return retVal return retVal
def isNumber(value):
"""
Returns True if the given value is a number-like object
"""
try:
_ = float(value)
except:
return False
else:
return True
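Review bot: The bare `except:` in `isNumber` also catches `KeyboardInterrupt` and `SystemExit`, so an interrupt raised during the call would be reported as "not a number" instead of propagating; `except (TypeError, ValueError, OverflowError):` covers what `float()` raises for bad input. The `_ =` assignment is unused, and a plain `float(value)` is enough. The docstring should say that "number-like" means anything `float()` accepts, which includes `nan`, `inf` and exponent forms, because callers use the result to decide how a value is serialised.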


@ -94,7 +94,7 @@ def __setRequestParams():
raise sqlmapUserQuitException raise sqlmapUserQuitException
elif test[0] not in ("n", "N"): elif test[0] not in ("n", "N"):
conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?[\d\.]+\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
kb.processUserMarks = True kb.processUserMarks = True
kb.postHint = POST_HINT.JSON kb.postHint = POST_HINT.JSON
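Review bot: The new numeric pattern `-?\d[\d\.]*\b` in the second `re.sub` still accepts malformed values such as `1.2.3`, and it does not match exponent forms like `1e5`, which the `isNumber` helper added in this commit does treat as numbers. The marking step and the later quoting step therefore disagree on what counts as a JSON number. A pattern closer to the JSON grammar, `-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?\b`, would mark the same values that are later left unquoted. A short comment above the two substitutions, saying that the first marks quoted string values and the second marks bare numeric values, would also help. `__setRequestParams` continues outside the hunk.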


@ -695,7 +695,7 @@ class Connect:
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE) post = getattr(post, UNENCODED_ORIGINAL_VALUE)
elif not skipUrlEncode and kb.postHint not in (POST_HINT.JSON, POST_HINT.SOAP): elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys():
post = urlencode(post) post = urlencode(post)
if timeBasedCompare: if timeBasedCompare:
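Review bot: `kb.postHint not in POST_HINT_CONTENT_TYPES.keys()` on the changed `elif` can be written `kb.postHint not in POST_HINT_CONTENT_TYPES`; on Python 2 `.keys()` builds a list that is then scanned linearly. No import of `POST_HINT_CONTENT_TYPES` is added in this section, so it is presumably already imported in this file, which is worth confirming. Any hint later added to that mapping will now silently skip `urlencode(post)`, so a comment such as `# bodies with a recognised post hint are sent as-is, not URL-encoded` would make the coupling explicit. The enclosing method starts and ends outside the hunk.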