sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 19:55:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Cosmetics and major bug fix

Browse Source
This commit is contained in:
Bernardo Damele 2011-04-21 21:15:23 +00:00
parent 870f773d70
commit edc2d75702
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/controller.py
View File

@ -198,9 +198,11 @@ def start():
parseTargetUrl() parseTargetUrl()
testSqlInj = False testSqlInj = False
if PLACE.GET in conf.parameters: if PLACE.GET in conf.parameters:
for parameter in re.findall(r"([^=]+)=([^&]+&?|\Z)", conf.parameters[PLACE.GET]): for parameter in re.findall(r"([^=]+)=([^&]+&?|\Z)", conf.parameters[PLACE.GET]):
paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0]) paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
if paramKey not in kb.testedParams: if paramKey not in kb.testedParams:
testSqlInj = True testSqlInj = True
break break
@ -218,6 +220,7 @@ def start():
if conf.multipleTargets: if conf.multipleTargets:
hostCount += 1 hostCount += 1
if conf.forms: if conf.forms:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl) message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
else: else:
@ -254,7 +257,7 @@ def start():
# we need to reinitialize environment as # we need to reinitialize environment as
# we are expecting changes in testing data # we are expecting changes in testing data
initTargetEnv() #initTargetEnv()
parseTargetUrl() parseTargetUrl()
elif test[0] in ("n", "N"): elif test[0] in ("n", "N"):

5
lib/core/target.py
View File

@ -92,13 +92,18 @@ def __setRequestParams():
conf.parameters[PLACE.URI] = conf.url conf.parameters[PLACE.URI] = conf.url
conf.paramDict[PLACE.URI] = {} conf.paramDict[PLACE.URI] = {}
parts = conf.url.split(URI_INJECTION_MARK_CHAR) parts = conf.url.split(URI_INJECTION_MARK_CHAR)
for i in range(len(parts)-1): for i in range(len(parts)-1):
result = str() result = str()
for j in range(len(parts)): for j in range(len(parts)):
result += parts[j] result += parts[j]
if i == j: if i == j:
result += URI_INJECTION_MARK_CHAR result += URI_INJECTION_MARK_CHAR
conf.paramDict[PLACE.URI]["#%d%s" % (i+1, URI_INJECTION_MARK_CHAR)] = result conf.paramDict[PLACE.URI]["#%d%s" % (i+1, URI_INJECTION_MARK_CHAR)] = result
conf.url = conf.url.replace(URI_INJECTION_MARK_CHAR, str()) conf.url = conf.url.replace(URI_INJECTION_MARK_CHAR, str())
__testableParameters = True __testableParameters = True